KernelSU Not Granting Full Root Privileges on Samsung M14 (One UI 6.1 - Android 14 June security patch) (GKI Kernel 5.15.123)
Opened this issue · 15 comments
Please check before submitting an issue
- I have searched the issues and haven't found anything relevant
- I will upload bugreport file in KernelSU Manager - Settings - Report log
- I know how to reproduce the issue which may not be specific to my device
Describe the bug
I'm creating this issue after trying everything I can.
Our family recently bought a new phone (Samsung M14 4G - shipped with Android 14), and I noticed it has a GKI kernel (5.15.123)
Since I had never compiled GKI kernels before, I spent three days practicing by compiling the OEM kernel (GKI).
Source : https://github.com/ravindu644/a05s_stock
Today, after managing to configure custom defconfigs and menuconfig, I decided to try KernelSU.
After spending several hours adding and fixing various components, I successfully built a KSU-enabled kernel from the OEM source, and it booted on the first attempt!
The KernelSU Manager also shows the kernel version with the `Working <GKI>` message.
However, the problem is that `su` is not functioning properly. KernelSU Manager itself has minimal permissions, similar to ADB. I can only use the KernelSU Manager to perform basic actions like rebooting to download mode, etc.
When I grant root permissions to Root Checker, it shows that the device is rooted.
Shizuku also works since it requires minimal permissions.
However, apps that require higher privileges, like Root Explorer, report that my device isn't rooted.
Additionally, in terminal apps, it indicates that root is not functioning.
I thought this might be an issue with my kernel, so I disabled security features like Defex (this phone doesn’t have RKP, KDP, or UH since it lacks Knox).
The issue persists.
I also tried modifying selinux hooks.c—no luck.
Installed the `boot.img` from the official KSU releases—no luck.
I'm not sure what’s going on :(
I've collected some logs from `logcat` since KernelSU Manager provides a log file with 0 bytes.
Thank you!
To Reproduce
??
Expected behavior
Normally, any rooting solution should work fine on a security disabled Samsung device.
Screenshots
No response
Logs
09-26 18:51:50.543 1026 1026 E audit : type=1400 audit(1727356910.541:8784): avc: denied { search } for pid=16493 comm="libksud.so" name="tests" dev="dm-54" ino=125 scontext=u:r:untrusted_app:s0:c0,c257,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:51:50.543 1026 1026 E audit : type=1400 audit(1727356910.541:8785): avc: denied { search } for pid=16493 comm="libksud.so" name="tests" dev="dm-54" ino=125 scontext=u:r:untrusted_app:s0:c0,c257,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:51:50.543 1026 1026 E audit : type=1400 audit(1727356910.541:8786): avc: denied { search } for pid=16493 comm="libksud.so" name="tests" dev="dm-54" ino=125 scontext=u:r:untrusted_app:s0:c0,c257,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:51:50.543 1026 1026 E audit : type=1400 audit(1727356910.541:8787): avc: denied { search } for pid=16493 comm="libksud.so" name="tests" dev="dm-54" ino=125 scontext=u:r:untrusted_app:s0:c0,c257,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:51:52.446 2177 2826 E SettingsToPropertiesMapper: key=persist.device_config.storage_native_boot.transcode_compat_manifest value=com.yelp.android,0,com.yy.biu,0,com.groupme.android,0,air.tv.douyu.android,0,com.baidu.mbaby,0,com.vlocker.locker,0,com.znxh.hyhuo,0,com.yixia.xiaokaxiu,0 exceeds system property max length.
09-26 18:54:03.976 1026 1026 E audit : type=1400 audit(1727357043.973:8847): avc: denied { read } for pid=14969 comm="sh" name="/" dev="dm-7" ino=59 scontext=u:r:untrusted_app_32:s0:c251,c256,c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:04.070 1026 1026 E audit : type=1400 audit(1727357044.065:8848): avc: denied { ioctl } for pid=14877 comm="Thread-41" path="/data/data/com.speedsoftware.rootexplorer/databases/explorer.db" dev="dm-54" ino=20991 ioctlcmd=0xf522 scontext=u:r:untrusted_app_32:s0:c251,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c251,c256,c512,c768 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:05.223 1026 1026 E audit : type=1400 audit(1727357045.221:8849): avc: denied { read } for pid=14969 comm="sh" name="/" dev="dm-7" ino=59 scontext=u:r:untrusted_app_32:s0:c251,c256,c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:05.277 1026 1026 E audit : type=1400 audit(1727357045.273:8850): avc: denied { ioctl } for pid=14877 comm="Thread-44" path="/data/data/com.speedsoftware.rootexplorer/databases/explorer.db" dev="dm-54" ino=20991 ioctlcmd=0xf522 scontext=u:r:untrusted_app_32:s0:c251,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c251,c256,c512,c768 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:40.875 1090 1123 E netd : Error adding route 202.129.232.62/32 -> 192.168.8.1 wlan0 to table 99: File exists
09-26 18:54:42.243 2177 2205 E Transition: Trying to add a ready-group twice: Display{#0 state=ON size=1080x2400 ROTATION_0}
09-26 18:54:42.245 3838 3838 E pageboostd: Received HALT command code 2
09-26 18:54:42.292 16606 16606 E ActivityThread: Failed to find provider info for com.samsung.android.app.sharestar.ShareStarProvider
09-26 18:54:42.292 16606 16606 E ShareStarManager: e:java.lang.IllegalArgumentException: java.lang.IllegalArgumentException: Unknown authority com.samsung.android.app.sharestar.ShareStarProvider
09-26 18:54:42.314 1026 1026 E audit : type=1400 audit(1727357082.309:8853): avc: denied { ioctl } for pid=14408 comm="binder:14408_4" path="/data/user_de/0/com.android.settings/databases/sem_share.db" dev="dm-54" ino=21511 ioctlcmd=0xf522 scontext=u:r:system_app:s0 tcontext=u:object_r:system_app_data_file:s0 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:42.364 1026 1026 E audit : type=1400 audit(1727357082.361:8854): avc: denied { ioctl } for pid=16660 comm="RxCachedThreadS" path="/data/user/0/com.samsung.android.app.sharelive/databases/linkShare.db" dev="dm-54" ino=16485 ioctlcmd=0xf522 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:42.370 1026 1026 E audit : type=1400 audit(1727357082.365:8855): avc: denied { ioctl } for pid=16660 comm="RxCachedThreadS" path="/data/user/0/com.samsung.android.app.sharelive/databases/linkShare.db" dev="dm-54" ino=16485 ioctlcmd=0xf522 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:42.378 1026 1026 E audit : type=1400 audit(1727357082.373:8856): avc: denied { ioctl } for pid=16660 comm="arch_disk_io_2" path="/data/user/0/com.samsung.android.app.sharelive/databases/linkShare.db" dev="dm-54" ino=16485 ioctlcmd=0xf522 scontext=u:r:platform_app:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:42.389 3838 3838 E pageboostd: Received HALT command code 2
09-26 18:54:42.423 2177 2237 E WindowManager: win=Window{3b6b2ad u0 me.weishu.kernelsu/me.weishu.kernelsu.ui.MainActivity EXITING} destroySurfaces: appStopped=false cleanupOnResume=false win.mWindowRemovalAllowed=true win.mRemoveOnExit=true win.mViewVisibility=0 caller=com.android.server.wm.WindowState.onExitAnimationDone:5763 com.android.server.wm.WindowStateAnimator.onAnimationFinished:208 com.android.server.wm.WindowState.onAnimationFinished:5994 com.android.server.wm.WindowContainer$$ExternalSyntheticLambda4.onAnimationFinished:0 com.android.server.wm.SurfaceAnimator.lambda$getFinishedCallback$0:140 com.android.server.wm.SurfaceAnimator.$r8$lambda$eYT7rjaBOE8bCIRq043wVzQ_RTM:0 com.android.server.wm.SurfaceAnimator$$ExternalSyntheticLambda1.run:0
09-26 18:54:42.423 2177 4631 E AppOps : Bad call made by uid 10192. Package "com.samsung.android.mdx.kit" does not belong to uid 5026.
09-26 18:54:42.424 2177 4631 E AppOps : Cannot noteOperation
09-26 18:54:42.424 2177 4631 E AppOps : java.lang.SecurityException: Specified package "com.samsung.android.mdx.kit" under uid 5026 but it is not
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService.verifyAndGetBypass(AppOpsService.java:3942)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService.verifyAndGetBypass(AppOpsService.java:3802)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService.noteOperationUnchecked(AppOpsService.java:2649)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService.noteProxyOperationImpl(AppOpsService.java:2609)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService.-$$Nest$mnoteProxyOperationImpl(AppOpsService.java:0)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService$CheckOpsDelegateDispatcher.$r8$lambda$i5BgzdKGjmZM_Fo82DEvnLz-fGw(AppOpsService.java:0)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService$CheckOpsDelegateDispatcher$$ExternalSyntheticLambda5.apply(R8$$SyntheticClass:0)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.policy.AppOpsPolicy.noteProxyOperation(AppOpsPolicy.java:246)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService$CheckOpsDelegateDispatcher.noteProxyOperation(AppOpsService.java:6556)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.server.appop.AppOpsService.noteProxyOperation(AppOpsService.java:2550)
09-26 18:54:42.424 2177 4631 E AppOps : at com.android.internal.app.IAppOpsService$Stub.onTransact(IAppOpsService.java:635)
09-26 18:54:42.424 2177 4631 E AppOps : at android.os.Binder.execTransactInternal(Binder.java:1380)
09-26 18:54:42.424 2177 4631 E AppOps : at android.os.Binder.execTransact(Binder.java:1311)
09-26 18:54:42.428 2177 4538 E AppOps : Bad call made by uid 10192. Package "com.samsung.android.mdx.kit" does not belong to uid 5026.
09-26 18:54:42.428 2177 4538 E AppOps : Cannot noteOperation
09-26 18:54:42.428 2177 4538 E AppOps : java.lang.SecurityException: Specified package "com.samsung.android.mdx.kit" under uid 5026 but it is not
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService.verifyAndGetBypass(AppOpsService.java:3942)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService.verifyAndGetBypass(AppOpsService.java:3802)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService.noteOperationUnchecked(AppOpsService.java:2649)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService.noteProxyOperationImpl(AppOpsService.java:2609)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService.-$$Nest$mnoteProxyOperationImpl(AppOpsService.java:0)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService$CheckOpsDelegateDispatcher.$r8$lambda$i5BgzdKGjmZM_Fo82DEvnLz-fGw(AppOpsService.java:0)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService$CheckOpsDelegateDispatcher$$ExternalSyntheticLambda5.apply(R8$$SyntheticClass:0)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.policy.AppOpsPolicy.noteProxyOperation(AppOpsPolicy.java:246)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService$CheckOpsDelegateDispatcher.noteProxyOperation(AppOpsService.java:6556)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.server.appop.AppOpsService.noteProxyOperation(AppOpsService.java:2550)
09-26 18:54:42.428 2177 4538 E AppOps : at com.android.internal.app.IAppOpsService$Stub.onTransact(IAppOpsService.java:635)
09-26 18:54:42.428 2177 4538 E AppOps : at android.os.Binder.execTransactInternal(Binder.java:1380)
09-26 18:54:42.428 2177 4538 E AppOps : at android.os.Binder.execTransact(Binder.java:1311)
09-26 18:54:42.473 3065 3317 E #IMSCR : 09-26 18:54:42 0x1101000A:0,PDN FAIL:NOT_DEFINED,38
09-26 18:54:42.475 3065 3317 E GlobalSettingsRepoBase: globalgcsettings No matched key : use_usim_on_invalid_isim
09-26 18:54:42.475 3065 3317 E GlobalSettingsRepoBase: globalgcsettings No matched key : use_usim_on_invalid_isim
09-26 18:54:42.475 2993 3463 E BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_STOP, appName: com.google.uid.shared, scannerId: 4, reportDelayMillis=0
09-26 18:54:42.477 16728 16728 E oid.documentsui: No package ID ff found for resource ID 0xffffffff.
09-26 18:54:42.498 3065 3065 E GlobalSettingsRepoBase: globalgcsettings No matched key : separate_vo5g_icon
09-26 18:54:42.509 16728 16728 E oid.documentsui: No package ID ff found for resource ID 0xffffffff.
09-26 18:54:42.511 2993 3463 E BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_START, appName: com.google.uid.shared, scannerId: 4, reportDelayMillis=0
09-26 18:54:42.527 16728 16728 E oid.documentsui: No package ID ff found for resource ID 0xffffffff.
09-26 18:54:42.529 1026 1026 E audit : type=1400 audit(1727357082.525:8857): avc: denied { ioctl } for pid=6526 comm="binder:6526_1" path="/data/data/com.android.providers.downloads/databases/downloads.db" dev="dm-54" ino=5212 ioctlcmd=0xf522 scontext=u:r:mediaprovider:s0:c512,c768 tcontext=u:object_r:app_data_file:s0:c512,c768 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:42.544 5579 16808 E MCFQS : () ()-[td:RxCachedThreadScheduler-3] Fail to get ContinuityAdapter
09-26 18:54:42.553 2993 3409 E BluetoothRemoteDevices: Remote class is UNCATEGORIZED
09-26 18:54:42.585 2993 3463 E BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_STOP, appName: android.uid.mdxkit, scannerId: 5, reportDelayMillis=0
09-26 18:54:42.632 2993 3463 E BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_ADV_SET_START, appName: com.samsung.android.mdx.kit, id: 1, isLegacy: true
09-26 18:54:42.656 16728 16728 E oid.documentsui: No package ID ff found for resource ID 0xffffffff.
09-26 18:54:42.668 2993 3463 E BtGatt.GattService: [GSIM LOG]: gsimLogHandler, msg: MESSAGE_SCAN_START, appName: android.uid.mdxkit, scannerId: 5, reportDelayMillis=0
09-26 18:54:42.682 3838 3838 E pageboostd: Received HALT command code 2
09-26 18:54:42.689 16728 16728 E oid.documentsui: No package ID ff found for resource ID 0xffffffff.
09-26 18:54:43.158 2177 2205 E WindowManager: win=Window{fc59203 u0 Pop-up window} destroySurfaces: appStopped=true cleanupOnResume=false win.mWindowRemovalAllowed=false win.mRemoveOnExit=false win.mViewVisibility=8 caller=com.android.server.wm.WindowState.destroySurface:4146 com.android.server.wm.ActivityRecord.destroySurfaces:6952 com.android.server.wm.ActivityRecord.destroySurfaces:6933 com.android.server.wm.ActivityRecord.activityStopped:7633 com.android.server.wm.ActivityClientController.activityStopped:310 android.app.IActivityClientController$Stub.onTransact:702 com.android.server.wm.ActivityClientController.onTransact:175
09-26 18:54:43.158 2177 2205 E WindowManager: win=Window{63a1c2c u0 me.weishu.kernelsu/me.weishu.kernelsu.ui.MainActivity} destroySurfaces: appStopped=true cleanupOnResume=false win.mWindowRemovalAllowed=false win.mRemoveOnExit=false win.mViewVisibility=8 caller=com.android.server.wm.ActivityRecord.destroySurfaces:6952 com.android.server.wm.ActivityRecord.destroySurfaces:6933 com.android.server.wm.ActivityRecord.activityStopped:7633 com.android.server.wm.ActivityClientController.activityStopped:310 android.app.IActivityClientController$Stub.onTransact:702 com.android.server.wm.ActivityClientController.onTransact:175 android.os.Binder.execTransactInternal:1380
Device info
- Device: SM-M145F
- OS Version: Android 14 - One UI 6.1
- KernelSU Version: 11928
- Kernel Version: 5.15.123
Additional context
No response
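A triage helper for the audit lines in the log above, added here as an example (it is not part of the original issue or of KernelSU): it parses each `avc: denied` record and groups the denials by process name and SELinux source domain, which shows the domain `libksud.so` and `sh` were running in when they were denied. The sample lines are copied from the log above; the function names are illustrative.

```python
import re
from collections import Counter

# Lines copied from the logcat excerpt in this issue, embedded so the
# example runs offline. The last one is a non-audit line and must be skipped.
SAMPLE = '''\
09-26 18:51:50.543 1026 1026 E audit : type=1400 audit(1727356910.541:8784): avc: denied { search } for pid=16493 comm="libksud.so" name="tests" dev="dm-54" ino=125 scontext=u:r:untrusted_app:s0:c0,c257,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:51:50.543 1026 1026 E audit : type=1400 audit(1727356910.541:8785): avc: denied { search } for pid=16493 comm="libksud.so" name="tests" dev="dm-54" ino=125 scontext=u:r:untrusted_app:s0:c0,c257,c512,c768 tcontext=u:object_r:shell_test_data_file:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:03.976 1026 1026 E audit : type=1400 audit(1727357043.973:8847): avc: denied { read } for pid=14969 comm="sh" name="/" dev="dm-7" ino=59 scontext=u:r:untrusted_app_32:s0:c251,c256,c512,c768 tcontext=u:object_r:rootfs:s0 tclass=dir permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:04.070 1026 1026 E audit : type=1400 audit(1727357044.065:8848): avc: denied { ioctl } for pid=14877 comm="Thread-41" path="/data/data/com.speedsoftware.rootexplorer/databases/explorer.db" dev="dm-54" ino=20991 ioctlcmd=0xf522 scontext=u:r:untrusted_app_32:s0:c251,c256,c512,c768 tcontext=u:object_r:app_data_file:s0:c251,c256,c512,c768 tclass=file permissive=0 SEPF_SM-M145F_13_0001 audit_filtered
09-26 18:54:42.245 3838 3838 E pageboostd: Received HALT command code 2
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')  # key=value or key="quoted value"


def parse_avc(line):
    """Return a dict for one 'avc: denied' line, or None for any other line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group('rest'))}
    rec['perms'] = m.group('perms').split()
    # A context is user:role:type:level; for scontext the type is the domain.
    rec['domain'] = rec.get('scontext', ':::').split(':')[2]
    rec['ttype'] = rec.get('tcontext', ':::').split(':')[2]
    return rec


def summarize(text):
    """Count denials per (comm, source domain, target type, class, perms)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec:
            counts[(rec.get('comm'), rec['domain'], rec['ttype'],
                    rec.get('tclass'), ' '.join(rec['perms']))] += 1
    return counts


def domains_for(text, comm):
    """SELinux source domains in which the process named `comm` was denied."""
    return sorted({key[1] for key in summarize(text) if key[0] == comm})


if __name__ == '__main__':
    for (comm, domain, ttype, tclass, perms), n in summarize(SAMPLE).most_common():
        print(f'{n:3d}  comm={comm} domain={domain} -> {ttype}:{tclass} {{ {perms} }}')
```

Feeding it a full `logcat` capture instead of `SAMPLE` gives the same per-domain summary for every denied process.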
I was able to dump the log files related to this incident using Magisk (from /data/adb/ksu/log):
Edit: I was not able to find anything important in these logs. Maybe these issues are related to the manager itself?
Edit 2: Even with SELinux permissive mode, the problem still exists, which means this is related to the manager or One UI itself:
Quick update: After wasting over 5-10 hours in the debugging process, I finally managed to identify why this happens and found a workaround to fix the issue.
I always thought there was something wrong with my device, but all of my efforts were in vain after I realized the issue is with KernelSU itself.
According to the issues created in this repo, I found the exact same issue as mine, stating that this problem started occurring after v0.9.2.
So, I downgraded my KSU version to v0.9.2 and tested it again.
Voila, it worked!
Hope you guys fix this issue ASAP.
Is your terminal a 32-bit application?
> Is your terminal a 32-bit application?
maybe. btw this issue happened with half of my root related apps, even with the root explorer. Only shizuku and log fox worked in my scene :(
32 bit apps can't use `su` after v0.9.2.
try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
okay, lemme check
> try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
I did everything correctly. But, the problem still exists 😢
> try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
bootloop with those CI builds
> 32 bit apps can't use `su` after v0.9.2.
Even I can't execute 'su' in ADB shell 🥲
> > try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
> bootloop with those CI builds
Your KMI is android13-5.15 while tiann provided android14-5.15. Try this https://github.com/tiann/KernelSU/actions/runs/10977394263?pr=2084
> > try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
> I did everything correctly. But, the problem still exists 😢
Root Explorer downloaded from https://rootexplorer.co/ cannot reproduce your problem
> > > try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
> > bootloop with those CI builds
> Your KMI is android13-5.15 while tiann provided android14-5.15. Try this https://github.com/tiann/KernelSU/actions/runs/10977394263?pr=2084
It booted, but it didn't fix any of my issues.
01. su in any terminal application is always broken :
02. Still 32 bit applications unable to get root access + flashing an upstreamed kernel broke some features in my phone like graphics and battery statistics
> > > > try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
> > > bootloop with those CI builds
> > Your KMI is android13-5.15 while tiann provided android14-5.15. Try this https://github.com/tiann/KernelSU/actions/runs/10977394263?pr=2084
> It booted, but it didn't fix any of my issues.
> 01. su in any terminal application is always broken :
> 02. Still 32 bit applications unable to get root access + flashing an upstreamed kernel broke some features in my phone like graphics and battery statistics
Run `strace which su` in adb shell and upload the output
> > > > > try this one: https://github.com/tiann/KernelSU/actions/runs/10977394262?pr=2084
> > > > bootloop with those CI builds
> > > Your KMI is android13-5.15 while tiann provided android14-5.15. Try this https://github.com/tiann/KernelSU/actions/runs/10977394263?pr=2084
> > It booted, but it didn't fix any of my issues.
> > 01. su in any terminal application is always broken :
> > 02. Still 32 bit applications unable to get root access + flashing an upstreamed kernel broke some features in my phone like graphics and battery statistics
> Run `strace which su` in adb shell and upload the output
Mmm. I locked the BL. I can only test this again after 2 months due to my exams. Hope someone will provide the necessary logs regarding this issue, or don't close this issue as completed :)