KernelSU 是 Android GKI 设备的 root 解决方案，它工作在内核模式，并直接在内核空间中为用户空间应用程序授予 root 权限。 KernelSU 还提供了一个基于 overlayfs 的模块系统，允许您加载自定义插件到系统中。 它还提供了一种修改 /system 分区中文件的机制。乐享网测试KernelSU相对于Magisk能更好的隐藏Root。

新版特性

重大变更：升级到 3.0 后需要重新安装所有模块
官方模块仓库：https://modules.kernelsu.org
v3.0.0
feat(ksud): Optimize ensure_dir_exist and do not hardcode path by @Tools-cx-app in #2932
kernel: Prune allowlist only after boot completed by @aviraxp in #2922
manager: display the same UID as a group by @YuKongA in #2933
manager: fix webui package manager by @YuKongA in #2934
kernel: no need to remark process on post-fs-data and boot-completed by @5ec1cff in #2935
kernel: file_wrapper: copy mode of original inode by @5ec1cff in #2937
kernel: Replace kmalloc() usages with kzalloc() by @aviraxp in #2939
support metamodule, remove built-in overlayfs mount by @Ylarod in #2929
ksud: add modules_update back by @5ec1cff in #2948
kernel/ksud: Fix KSU_IOCTL_NUKE_EXT4_SYSFS definition by @aviraxp in #2949
kernel: expose umount list to ioctl interface by @backslashxx in #2950
manager: add inset support to webui by @KOWX712 in #2952
Add undo uninstall module feature 添加撤销卸载模块功能 by @u9521 in #2920
Translations update from Hosted Weblate by @weblate in #2917
Add meta-overlayfs to Dependabot by @CanerKaraca23 in #2956
add module config, migrate managedFeatures by @Ylarod in #2965
ksud: Use regex to validate module id by @aviraxp in #2968
chore(ksud): enable clippy::all, clippy::pedantic && make clippy happy by @Tools-cx-app in #2970
manager: add support for opening and flashing zip files directly by @sakana164 in #2967
build(deps): bump androidx.activity:activity-compose from 1.11.0 to 1.12.0 in /manager in the maven group across 1 directory by @dependabot[bot] in #2964
ksud: Set KSU_MODULE only for module script by @aviraxp in #2971
kernel: Unmount all isolated process which forks from zygote by @aviraxp in #2972
Remove meta-overlayfs from Dependabot by @CanerKaraca23 in #2974
ksud: refine boot patch, add --out-name arg to boot-patch and boot-restore command by @5ec1cff in #2982
kernel: Remove unreachable vfs_statx handling by @aviraxp in #2987
manager: Add confirmation dialog for ZIP module installation via external sources by @sakana164 in #2989
manager: provide monet color to webui by @KOWX712 in #2981
Translations update from Hosted Weblate by @weblate in #2963
add hasFragileUserData to keep manager data when uninstall by @u9521 in #3005
v2.1.2
Translations update from Hosted Weblate by @weblate in #2636
Fix legacy prctl check condition by @aviraxp in #2864
kernel: supercall: allow escalation on ioctl interface by @backslashxx in #2862
Support building for kernel 6.14+ by @hmtheboy154 in #2662
support mainline kernel by @aaaaaaaa-815 in #2869
kernel: use sys_enter tracepoint for sucompat by @Ylarod in #2866
Update Kernel Patches by @CanerKaraca23 in #2868
fix: mark tif by @Ylarod in #2871
fix sepolicy patch hint by @Ylarod in #2872
feature: add enhanced security by @Ylarod in #2873
manager: some ui changes by @YuKongA in #2870
fix: sucompat by @Ylarod in #2874
Translations update from Hosted Weblate by @weblate in #2875
Revert "kernel: remove unused workqueue" by @aviraxp in #2877
Translations update from Hosted Weblate by @weblate in #2876
Replace mutex with spinlock for tracepoint registration by @aviraxp in #2882
Switch kretprobe to heap by @aviraxp in #2880
kernel: Refactor selinux/selinux.c by @shadichy in #2881
Clean up kernel code by @aviraxp in #2898
manager: install: add choose partition support by @YuKongA in #2896
manager: if manager incompatible with current kernel, don't save ksud by @AlexLiuDev233 in #2895
website: fix Japanese translation of installation guide by @kitadai31 in #2897
manager: simplify find boot image by @tiann in #2901
manager: Fix export log toast crash by showing Toast on main thread by @suqi8 in #2904
kernel: Use task work to install fd by @aviraxp in #2905
Translations update from Hosted Weblate by @weblate in #2879
manager: 修复模板状态显示问题 by @u9521 in #2910
kernel: Fix task flag marking for root and shell UID by @aviraxp in #2913
kernel: fix zygote mark on first boot by @tiann in #2924
kernel: refine syscall_hook_manager by @5ec1cff in #2925
manager: introduce webui package manager api by @KOWX712 in #2928
js: provide package manager function and documentation by @KOWX712 in #2930
ci: fix android16-6.12 gki build by @tiann in #2931
v2.0.0
Highlights
New supercall implementation: remove the tricky LSM hook with seccomp and ioctl, avoiding numerous side-channel attacks.
Support for kernel 6.12 and above.
Brand new theme.
What's Changed
ci: Update lkm kernel version by @dabao1955 in #2567
manager: hide root related features if kernelsu not available by @rsuntk in #2555
kernel/throne_tracker: we just uninstalled the manager, stop looking for it by @backslashxx in #2584
Translations update from Hosted Weblate by @weblate in #2558
build(deps): bump the npm group across 1 directory with 24 updates by @dependabot[bot] in #2586
build(deps): bump the crates group across 1 directory with 53 updates by @dependabot[bot] in #2585
build(deps): bump the maven group across 1 directory with 12 updates by @dependabot[bot] in #2579
ksud/installer: /odm handling by @backslashxx in #2513
ci: update kmi versions by @ukriu in #2591
Update zip-extensions and set needed features for zip by @aviraxp in #2592
Fix fallback option for createRootShell() by @aviraxp in #2593
Add a formatting string for the update list #2556 by @ShirkNeko in #2597
build(deps): bump the maven group across 1 directory with 4 updates by @dependabot[bot] in #2612
throne_tracker: avoid cross fs access by @aviraxp in #2626
Switch to prepare_creds/commit_creds by @aviraxp in #2631
kernel: throne_tracker: avoid cross-fs traversal using s_magic check by @backslashxx in #2633
Translations update from Hosted Weblate by @weblate in #2587
build(deps): bump the maven group across 1 directory with 7 updates by @dependabot[bot] in #2629
kernel: core_hook: fix refcount leaks on try_umount by @rsuntk in #2635
manger: fix lkm detection by @HSSkyBoy in #2654
kernel: selinux: rules: Fix illegal RCU lock usage in apply_kernelsu_rules() by @Tashar02 in #2646
kernel: added new prctl CMD_GET_MANAGER_UID to get the uid of the crowned manager by @rifsxd in #2673
feat(ui): improve predictive back animations by @wxxsfxyzm in #2675
ksud: make clippy happy by @5ec1cff in #2683
ksud: support vendor_boot patching for some odd devices by @ukriu in #2650
Update resetprop from Magisk v30.2 by @aviraxp in #2700
kernel: selinux: rules: Micro-optimize get_policydb() and fix illegal RCU lock usage in handle_sepolicy() by @Tashar02 in #2695
Reset seccomp filter count when escaping to root by @aviraxp in #2708
Handle unmount for isolated process correctly by @aviraxp in #2696
Revert "Handle unmount for isolated process correctly" by @Ylarod in #2718
manager: switch ui to miuix design style by @YuKongA in #2710
manager: fix button issues in module cards by @YuKongA in #2719
manager: Fix some issues by @YuKongA in #2725
manager: Add uninstall 2nd confirm by @YuKongA in #2729
manager: Support search module by @YuKongA in #2730
Strip JNI debug logs on release build by @aviraxp in #2732
Add files via upload by @aviraxp in #2733
fix 'for' loop problem by @aaaaaaaa-815 in #2745
Unmount isolated process which forks from zygote unconditionally by @aviraxp in #2747
Tweak shizuku template description by @aviraxp in #2746
Revert "Unmount isolated process which forks from zygote unconditionally" by @yujincheng08 in #2776
manager: Refactor module and superuser UI by @YuKongA in #2783
manager: Allow module update info to scroll naturally by @YuKongA in #2784
Don't write newline character to cgroup node by @aviraxp in #2804
remove ksu tmp by @Ylarod in #2815
Fix kernel panics caused by thread info flag corruption by @kerneltoast in #2818
ci: use ddk for faster ci, manual gki image build by @Ylarod in #2817
Fix incorrect function names in non-GKI integration documentation by @Copilot in #2722
kernel: fix out-of-tree building by @Ylarod in #2819
ci: move workflows to top-level and fix workflow references by @sakana164 in #2828
initial fastlane structures from IzzyOnDroid by @IzzySoft in #2715
templates: update translation by @igormiguell in #2761
Add another translation in id_ID by @CEKIKOFGAMERS in #2797
ci: Fix LKM version number anomaly and Git ownership issues by @Prslc in #2832
manager: add kernel_umount switch by @YuKongA in #2848
update ioctl macro by @Ylarod in #2850
ci: build dev manager by @Ylarod in #2851
Reapply: "kernel: Allow to use in Private Space" by @backslashxx in #2857

特色功能

基于内核
KernelSU 运行在内核空间，对用户空间应用有更强的掌控。

白名单访问控制
只有被授权的 App 才可以访问 su，而其他 App 无法感知其存在。

受限制的 root 权限
KernelSU 可以自定义 su 的 uid, gid, groups, capabilities 和 SELinux 规则：把 root 权限关进笼子里。

模块系统 & 开源
KernelSU 支持通过 overlayfs 修改 /system，并且是 GPL-3 许可下的开源项目。

界面预览

应用下载