KernelSU 是 Android GKI 设备的 root 解决方案，它工作在内核模式，并直接在内核空间中为用户空间应用程序授予 root 权限。 KernelSU 还提供了一个基于 overlayfs 的模块系统，允许您加载自定义插件到系统中。 它还提供了一种修改 /system 分区中文件的机制。乐享网测试KernelSU相对于Magisk能更好的隐藏Root。

新版特性

v2.0.0
Highlights
New supercall implementation: remove the tricky LSM hook with seccomp and ioctl, avoiding numerous side-channel attacks.
Support for kernel 6.12 and above.
Brand new theme.
What's Changed
ci: Update lkm kernel version by @dabao1955 in #2567
manager: hide root related features if kernelsu not available by @rsuntk in #2555
kernel/throne_tracker: we just uninstalled the manager, stop looking for it by @backslashxx in #2584
Translations update from Hosted Weblate by @weblate in #2558
build(deps): bump the npm group across 1 directory with 24 updates by @dependabot[bot] in #2586
build(deps): bump the crates group across 1 directory with 53 updates by @dependabot[bot] in #2585
build(deps): bump the maven group across 1 directory with 12 updates by @dependabot[bot] in #2579
ksud/installer: /odm handling by @backslashxx in #2513
ci: update kmi versions by @ukriu in #2591
Update zip-extensions and set needed features for zip by @aviraxp in #2592
Fix fallback option for createRootShell() by @aviraxp in #2593
Add a formatting string for the update list #2556 by @ShirkNeko in #2597
build(deps): bump the maven group across 1 directory with 4 updates by @dependabot[bot] in #2612
throne_tracker: avoid cross fs access by @aviraxp in #2626
Switch to prepare_creds/commit_creds by @aviraxp in #2631
kernel: throne_tracker: avoid cross-fs traversal using s_magic check by @backslashxx in #2633
Translations update from Hosted Weblate by @weblate in #2587
build(deps): bump the maven group across 1 directory with 7 updates by @dependabot[bot] in #2629
kernel: core_hook: fix refcount leaks on try_umount by @rsuntk in #2635
manger: fix lkm detection by @HSSkyBoy in #2654
kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() by @Tashar02 in #2646
kernel: added new prctl CMD_GET_MANAGER_UID to get the uid of the crowned manager by @rifsxd in #2673
feat(ui): improve predictive back animations by @wxxsfxyzm in #2675
ksud: make clippy happy by @5ec1cff in #2683
ksud: support vendor_boot patching for some odd devices by @ukriu in #2650
Update resetprop from Magisk v30.2 by @aviraxp in #2700
kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() by @Tashar02 in #2695
Reset seccomp filter count when escaping to root by @aviraxp in #2708
Handle unmount for isolated process correctly by @aviraxp in #2696
Revert "Handle unmount for isolated process correctly" by @Ylarod in #2718
manager: switch ui to miuix design style by @YuKongA in #2710
manager: fix button issues in module cards by @YuKongA in #2719
manager: Fix some issues by @YuKongA in #2725
manager: Add uninstall 2nd confirm by @YuKongA in #2729
manager: Support search module by @YuKongA in #2730
Strip JNI debug logs on release build by @aviraxp in #2732
Add files via upload by @aviraxp in #2733
fix 'for' loop problem by @aaaaaaaa-815 in #2745
Unmount isolated process which forks from zygote unconditionally by @aviraxp in #2747
Tweak shizuku template description by @aviraxp in #2746
Revert "Unmount isolated process which forks from zygote unconditionally" by @yujincheng08 in #2776
manager: Refactor module and superuser UI by @YuKongA in #2783
manager: Allow module update info to scroll naturally by @YuKongA in #2784
Don't write newline character to cgroup node by @aviraxp in #2804
remove ksu tmp by @Ylarod in #2815
Fix kernel panics caused by thread info flag corruption by @kerneltoast in #2818
ci: use ddk for faster ci, manual gki image build by @Ylarod in #2817
Fix incorrect function names in non-GKI integration documentation by @Copilot in #2722
kernel: fix out-of-tree building by @Ylarod in #2819
ci: move workflows to top-level and fix workflow references by @sakana164 in #2828
initial fastlane structures from IzzyOnDroid by @IzzySoft in #2715
templates: update translation by @igormiguell in #2761
Add another translation in id_ID by @CEKIKOFGAMERS in #2797
ci: Fix LKM version number anomaly and Git ownership issues by @Prslc in #2832
manager: add kernel_umount switch by @YuKongA in #2848
update ioctl macro by @Ylarod in #2850
ci: build dev manager by @Ylarod in #2851
Reapply: "kernel: Allow to use in Private Space" by @backslashxx in #2857

v1.0.5
ci: Update llvm version for chrome arcvm kernel build (#2551)
v1.0.3
[Manager]: UI improvements
[Module]: Fix potential corruption of module files during updates or installations.
[Kernel]: Resolve occasional reboots when using su.
[SU]: Correct the global mount namespace issue.
v1.0.2
[Kernel] Support for kernel version 6.6
[Module] Support for action.sh
[Manager] Various UI improvements
WARNING: Non-GKI devices should not upgrade to this version!
v1.0.1
manager: fix translation errors in zh_CN by @WenHao2130 in #1790
从非官方支持设备中移除K-Nel-M1721 by @KNKJ55 in #1792
non-GKI:Remove maintainer Coconutat's repositories by @Coconutat in #1794
Convert devpts domain to ksu_file by @aviraxp in #1801
manager: fix update no response when changelog is empty by @TinyHai in #1786
build(deps-dev): bump vitepress from 1.2.2 to 1.2.3 in /website by @dependabot in #1803
build(deps): bump zip from 2.1.0 to 2.1.2 in /userspace/ksud by @dependabot in #1799
build(deps): bump zip-extensions from 0.6.2 to 0.7.0 in /userspace/ksud by @dependabot in #1798
website: update translations by @igormiguell in #1796
build(deps): bump lifecycle from 2.8.0 to 2.8.1 in /manager by @dependabot in #1782
build(deps): bump agp from 8.4.1 to 8.5.0 in /manager by @dependabot in #1824
build(deps): bump androidx.compose:compose-bom from 2024.05.00 to 2024.06.00 in /manager by @dependabot in #1820
build(deps): bump clap from 4.5.4 to 4.5.7 in /userspace/ksud by @dependabot in #1817
build(deps): bump regex from 1.10.4 to 1.10.5 in /userspace/ksud by @dependabot in #1815
build(deps): bump zip from 2.1.2 to 2.1.3 in /userspace/ksud by @dependabot in #1810
website: fix typo by @dabao1955 in #1807
Redirect the Feature Requests issue template tab by @dabao1955 in #1788
manager: improve grammar in english by @igormiguell in #1814
build(deps): bump com.google.devtools.ksp from 2.0.0-1.0.21 to 2.0.0-1.0.22 in /manager by @dependabot in #1811
Translations update from Hosted Weblate by @weblate in #1734
throne_tracker: skip iterate if failed to open dir by @5ec1cff in #1832
Update resetprop by @aviraxp in #1842
build(deps): bump log from 0.4.21 to 0.4.22 in /userspace/ksud by @dependabot in #1843
build(deps): bump android_logger from 0.13.3 to 0.14.1 in /userspace/ksud by @dependabot in #1830
website: fix typo by @igormiguell in #1834
build(deps): bump clap from 4.5.7 to 4.5.8 in /userspace/ksud by @dependabot in #1850
build(deps): bump lifecycle from 2.8.1 to 2.8.3 in /manager by @dependabot in #1851
ksud: [Fix] grant root to the shell in debug mode by @RobinChenJP in #1853
ksud: upgrade zip by @yujincheng08 in #1859
Revert "ksud: [Fix] grant root to the shell in debug mode" by @yujincheng08 in #1860
build(deps-dev): bump vitepress from 1.2.3 to 1.3.0 in /website by @dependabot in #1865
Upgrade gradle by @yujincheng08 in #1866
Setup Android SDK by @yujincheng08 in #1867
build(deps): bump clap from 4.5.8 to 4.5.9 in /userspace/ksud by @dependabot in #1868
build(deps): bump rust-embed from 8.4.0 to 8.5.0 in /userspace/ksud by @dependabot in #1869
Allow skipping commented policy by @aviraxp in #1870
build(deps): bump agp from 8.5.0 to 8.5.1 in /manager by @dependabot in #1873
build(deps): bump com.google.devtools.ksp from 2.0.0-1.0.22 to 2.0.0-1.0.23 in /manager by @dependabot in #1872
build(deps-dev): bump vitepress from 1.3.0 to 1.3.1 in /website by @dependabot in #1879
Upgrade deps by @yujincheng08 in #1886
build(deps): bump org.lsposed.libcxx:libcxx from 27.0.11718014-beta1 to 27.0.12077973 in /manager by @dependabot in #1885
build(deps): bump io.coil-kt:coil-compose from 2.6.0 to 2.7.0 in /manager by @dependabot in #1888
Upgrade zip by @yujincheng08 in #1891
Group dependabot dependencies by @yujincheng08 in #1892
build(deps): bump the crates group in /userspace/ksud with 40 updates by @dependabot in #1894
build(deps): bump the npm group in /website with 13 updates by @dependabot in #1893
build(deps): bump the crates group in /userspace/ksud with 3 updates by @dependabot in #1898
build(deps): bump the npm group in /website with 2 updates by @dependabot in #1899
Upgrade rustix by @yujincheng08 in #1900
build(deps): bump syn from 2.0.71 to 2.0.72 in /userspace/ksud in the crates group by @dependabot in #1902
build(deps): bump the npm group in /website with 3 updates by @dependabot in #1903
build(deps): bump the npm group in /website with 3 updates by @dependabot in #1905
build(deps): bump the crates group in /userspace/ksud with 7 updates by @dependabot in #1908
build(deps): bump the npm group in /website with 6 updates by @dependabot in #1907
v1.0.0
KernelSU has been born for two years. Today we officially welcome version 1.0!
Due to the fact that we haven't added features to non-GKI devices for a long time, and maintaining them requires a significant amount of time, we have removed support for non-GKI devices. Non-GKI devices can only stay on version 0.9.5 (the manager can update). In the future, we will focus on adding new features for GKI devices.
Our energy is limited, but the rewards are even more limited, so please understand our choice, thank you!
v0.9.5
[Kernel] Fix random reboot caused by potential deadlock
[Kernel] Support private space for Android 15
[Manager] Fix file residue after complete uninstallation
[Manager] Support saving logs locally
v0.9.4
[Manager]: Fix selecting KMI not working.
[Kernel]: hook stable symbols to improbe compatibility.
[Module]: Update resetprop.
[Manager]: Some UI improvements.
[Kernel]: Fix some detection issues.
0.9.3
[Kernel]: Let the kernel choose who is qualified to be the manager, avoiding potential side-channel attacks.
[Manager]: Support uninstall permanently and restore stock boot in Settings. You can restore stock boot before OTA to avoid download the full firmware.
[Module]: Fix the issue of the App Profile template page not opening.
[Manager]: Fix scroll issues in Settings.
[Manager]: Support choose kmi manually for installation.
[Manager]: Fix dark mode not working in Splash Screen.
[WebUI]: Allow opening multiple modules simultaneously on WebUI.
[Manager]: Add module shrink in Settings.
[Manager]: Fix "grant root failed" in some cases.
[Manager]: Allow to use other su to install LKM mode.
v0.9.2
[manager]: Support offline patching of the kernel.
[kernel]: Fix issue with ColorOS.
[kernel]: Hide traces of LKM in user space.
[manager]: Fix possible errors during OTA upgrades.
v0.9.0
KernelSU now supports installation through kernel modules (LKM) (GKI Only), you can use it with official kernels or third-party kernels; at the same time, the manager has also added installation functionality, you can choose to patch files, install directly, or install after OTA. Regarding the new LKM installation method, there are some tips:
LKM does not support non-GKI kernels, and will not support them in the future;
When patching files, if the init_boot partition exists, you should choose to patch init_boot; otherwise, patch boot;
If you have already installed the GKI kernel provided by KernelSU and want to switch to the LKM method, you need to flash back to the stock kernel; if your device has an init_boot partition, you can directly flash back to the stock boot;
The installation method of GKI kernel and LKM will always exist, use whichever you like; in the future, it will also support flashing GKI kernel in the manager.
v0.8.1
Fix various issues caused by sparse files. Installing one module (no more) and rebooting immediately will fix the slowness issue
v0.8.0
[Module] Add support for displaying WebUI in modules.
[Module] Use sparse image to store module files to solve the problem of installation failure of certain large modules and dynamically sized modules.
[Module] Use new mount API when it is available for mounting module files.
[Module] Allow to set upperdir for OverlayFS to make the partition writable (CLI Only).
[Kernel] Fix some detections.
[Kernel] Fix a bug that causes some root processes cannot be killed.
[Manager] Add an option to disable automatic update check.
[Manager] Fix the misleading tips when manager grant root failed.
v0.7.5
To Make ZygiskNext Happy
[Script] Update allowlist.bt for devs
[SU] Support set gid and groups when su
[Module] Extract binaries properly and necessarily
[Kernel] Fix exec su in post-fs-data
[Module] Fix ksud temp path
[Manager] Update translation
v0.7.2
[SU] Fixed the issue of incorrect allowlist after an app with root permissions is uninstalled.
[SU] Fixed an issue that caused bootloop when uninstalling an application in multi-user after being granted root permissions.
[kernel] Support Linux kernel version 6.4.
[Module] Fixed the problem of non-standard module.prop causing module directory confusion.
[Module] Update busybox to 1.36.1.
[Module] Support using /debug_ramdisk as temporary directory.
[Security] Strengthen signature verification to avoid root privileges being taken over when using unofficial managers (CVE-2023-49794).
v0.7.1
[Kernel] Fix su not working on android14-6.1 kernel.
[Kernel] Fix wifi not working on android14-6.1 kernel.
[Module] Add missing groups for App Profile.
[Module] Fix changelog fetch failed.
[Module] Fix module page blank when module id is absent.
[Manager] Add translations.

特色功能

基于内核
KernelSU 运行在内核空间，对用户空间应用有更强的掌控。

白名单访问控制
只有被授权的 App 才可以访问 su，而其他 App 无法感知其存在。

受限制的 root 权限
KernelSU 可以自定义 su 的 uid, gid, groups, capabilities 和 SELinux 规则：把 root 权限关进笼子里。

模块系统 & 开源
KernelSU 支持通过 overlayfs 修改 /system，并且是 GPL-3 许可下的开源项目。

界面预览

应用下载