KernelSU 是 Android GKI 设备的 root 解决方案，它工作在内核模式，并直接在内核空间中为用户空间应用程序授予 root 权限。 KernelSU 还提供了一个基于 overlayfs 的模块系统，允许您加载自定义插件到系统中。 它还提供了一种修改 /system 分区中文件的机制。乐享网测试KernelSU相对于Magisk能更好的隐藏Root。

新版特性

0.9.3
[Kernel]: Let the kernel choose who is qualified to be the manager, avoiding potential side-channel attacks.
[Manager]: Support uninstall permanently and restore stock boot in Settings. You can restore stock boot before OTA to avoid download the full firmware.
[Module]: Fix the issue of the App Profile template page not opening.
[Manager]: Fix scroll issues in Settings.
[Manager]: Support choose kmi manually for installation.
[Manager]: Fix dark mode not working in Splash Screen.
[WebUI]: Allow opening multiple modules simultaneously on WebUI.
[Manager]: Add module shrink in Settings.
[Manager]: Fix “grant root failed” in some cases.
[Manager]: Allow to use other su to install LKM mode.
v0.9.2
[manager]: Support offline patching of the kernel.
[kernel]: Fix issue with ColorOS.
[kernel]: Hide traces of LKM in user space.
[manager]: Fix possible errors during OTA upgrades.
v0.9.0
KernelSU now supports installation through kernel modules (LKM) (GKI Only), you can use it with official kernels or third-party kernels; at the same time, the manager has also added installation functionality, you can choose to patch files, install directly, or install after OTA. Regarding the new LKM installation method, there are some tips:
LKM does not support non-GKI kernels, and will not support them in the future;
When patching files, if the init_boot partition exists, you should choose to patch init_boot; otherwise, patch boot;
If you have already installed the GKI kernel provided by KernelSU and want to switch to the LKM method, you need to flash back to the stock kernel; if your device has an init_boot partition, you can directly flash back to the stock boot;
The installation method of GKI kernel and LKM will always exist, use whichever you like; in the future, it will also support flashing GKI kernel in the manager.
v0.8.1
Fix various issues caused by sparse files. Installing one module (no more) and rebooting immediately will fix the slowness issue
v0.8.0
[Module] Add support for displaying WebUI in modules.
[Module] Use sparse image to store module files to solve the problem of installation failure of certain large modules and dynamically sized modules.
[Module] Use new mount API when it is available for mounting module files.
[Module] Allow to set upperdir for OverlayFS to make the partition writable (CLI Only).
[Kernel] Fix some detections.
[Kernel] Fix a bug that causes some root processes cannot be killed.
[Manager] Add an option to disable automatic update check.
[Manager] Fix the misleading tips when manager grant root failed.
v0.7.5
To Make ZygiskNext Happy
[Script] Update allowlist.bt for devs
[SU] Support set gid and groups when su
[Module] Extract binaries properly and necessarily
[Kernel] Fix exec su in post-fs-data
[Module] Fix ksud temp path
[Manager] Update translation
v0.7.2
[SU] Fixed the issue of incorrect allowlist after an app with root permissions is uninstalled.
[SU] Fixed an issue that caused bootloop when uninstalling an application in multi-user after being granted root permissions.
[kernel] Support Linux kernel version 6.4.
[Module] Fixed the problem of non-standard module.prop causing module directory confusion.
[Module] Update busybox to 1.36.1.
[Module] Support using /debug_ramdisk as temporary directory.
[Security] Strengthen signature verification to avoid root privileges being taken over when using unofficial managers (CVE-2023-49794).
v0.7.1
[Kernel] Fix su not working on android14-6.1 kernel.
[Kernel] Fix wifi not working on android14-6.1 kernel.
[Module] Add missing groups for App Profile.
[Module] Fix changelog fetch failed.
[Module] Fix module page blank when module id is absent.
[Manager] Add translations.
v0.7.0
We’re excited to report that we’ve delivered on the App Profile feature we promised 5 months ago! In this release, we have added an important feature to App Profile: Templates. You can create templates by yourself, import templates created by others, or directly use online templates. Templates can be directly applied to App Profile, without having to manually set each configuration! Therefore, even if you don’t understand the complex concepts in App Profile, you can easily restrict ROOT permissions through templates. In addition, welcome to contribute rules to online templates!

Changelog:
[Security] Fix a security issue similar to CVE-2023-5521, please upgrade as soon as possible; credits to qwerty472123@github!
[SU] App Profile now supports templates!
[Module] Fixed the bug that the module directory may be accidentally umounted, causing the manager module directory to be empty.
[SU] Fixed the issue where the allowlist may be messed up after an app is uninstalled.
[Kernel] Add android14-5.15 and android14-6.1, supporting Pixel8 series.
[SU] App Profile’s capability no longer requires CAP_DAC_READ_SEARCH and can run without any capability.
[Kernel] Fixed the bootloop issues when working with Magisk.
v0.6.9
[Kernel] Fixed security vulnerability.
[Module] The GKI kernel supports automatic umount of modules to solve the problem of certain applications detecting module mount points.
[Manager] Fixed the issue where the update log was too long causing the update dialog box to be abnormal.
[Module] Adapt to the init process below Android 9.
v0.6.8
– [Module] 修复某些模块安装失败后会导致所有模块全部消失的问题。
– [Manager] 修复更新模块时模块文件名不对的问题。
– [Manager] 现在可以在模块更新前显示更新日志。
– [Manager] 管理器更新时也可以展示更新日志。
– [Kernel] 修复被授予 su 权限的应用执行某些命令异常的问题。
– [Kernel] 更新内核分支。
v0.6.7
[Kernel]：修复内核版本字符串。
[Kernel]：修复 4.9 内核的构建。
[模块]：添加post-mount为模块和公共脚本添加阶段。
[模块]：修复模块在某些情况下安装失败的问题。
[管理器]：修复部分模块导致模块列表为空的bug。
v0.6.6
– [Manager] 大量语言的翻译更新，感谢所有在 Weblate 上贡献的开发者。
– [Manager] 修复某些情况下，管理器中模块列表全部不显示的 BUG。
– [Module] 启动脚本支持一个新的启动阶段 `boot-completed`，将会在系统启动完毕后执行，支持 common 和模块脚本。
– [Kernel] 内核任务使用全局单线程排队执行，避免时序问题导致 su 允许列表错乱。
– [Module] 修复刷入大体积模块可能会失败的 BUG。
– [Manager] 优化管理器中模块刷入时的日志输出，用户界面仅显示简洁日志，保存时文件写入详细日志。
– [Module] 卸载模块改为下次重启时执行，避免卸载可能不干净的问题。
– [Manager] 管理器中模块操作添加加载等待框。
– [Module] 修复没有安装模块时，common post-fs-data 脚本不执行的 BUG。
– [Manager] 修复管理器中若干提示文字没有居中的问题。
– [SU] 修复 su 参数解析不对的问题。
– [Manager] 管理器中安装模块时，输出日子自动滚动到底部。
– [Manager] 管理器中安装模块界面，自动屏蔽系统音量键，方便模块进行音量键选择。
– [Manager] 模块安装完毕后，刷新模块界面，避免用户误以为没有安装。
– [Kernel] 修复 4.9 上内核 keyring 没有正确安装导致模块无法使用的问题。
– [Module] 系统启动时，自动修复模块目录的 SELinux Context，避免部分启动失败问题。

特色功能

基于内核
KernelSU 运行在内核空间，对用户空间应用有更强的掌控。

白名单访问控制
只有被授权的 App 才可以访问 su，而其他 App 无法感知其存在。

受限制的 root 权限
KernelSU 可以自定义 su 的 uid, gid, groups, capabilities 和 SELinux 规则：把 root 权限关进笼子里。

模块系统 & 开源
KernelSU 支持通过 overlayfs 修改 /system，并且是 GPL-3 许可下的开源项目。

界面预览

应用下载