Rooting the Android Emulator – on Android Studio 2.3 (Android 4.4+)
Having struggled to easily find instructions on how to run apps as root on the Android Emulator, I’ve decided to document what worked for me. I’ve tested this on the emulator bundled in Android Studio 2.3 with an emulator running Android 4.4 (Kitkat)and 7.1.1 (Nougat).
NB: Basically, through ADB (the Android debug bridge) you can get root access to the filesystem (only). This means you can access privileged directories, change file/directory permissions, put apps and binaries in certain (many?) locations (not in the system partition, unless you make it writable), and run them via the command line interface. However, this does not mean that you will be able to run apps in the emulator directly as root.
Getting access to the filesystem as root is as easy as running:
adb root
or getting into the emulator and using su
, i.e.:
adb -e shell
su root
Notice the #
telling you that you are root. (The -e
just means to direct the adb connection to the emulator)
Now this is NOT exactly what I wanted, I wanted more!!
Rooting the Emulator:
Tl;dr: The basic idea is to get the correct su
(superuser) binary from the SuperSu project by Chainfire (Jorrit Jongma), put it in the right directory, change the permissions. Install the SuperSu app, turn off SELinux policies and set up a daemon. I won’t claim I understand the whole process (particularly the daemon part), but i’ll document below what worked for me.
I’ll assume we’re using a Windows machine as the host. (Running these on Ubuntu, or some other Linux /Unix flavour should not be too different).
Step 0: Installing the SuperSu app
Ideally this step could come first before everything else, or last, after everything else. If you install it now you, and try to run it, very likely it would indicate that the su
binary was not installed. If you try to run it after all the steps below, it should open error free and (without the dialog telling you that the binary is not installed).
Install the Supersu app either from Google Play or sideload it through adb
. The links are available at the SuperSu downloads section.
Install the Supersu.apk file through sideloading as follows:
adb -e install supersu.apk
Step 1: Start up the emulator with a writable system partition.
emulator.exe -avd [emulator_name] -writable-system
Step 2: Get the SU binary and put it in the right directory
You can download the Superuser binary from the supersu downloads section. Download the latest ZIP files. (As of writing this is Recovery Flashablev2.79). Unzip the archive. Locate the su
binary for the correct architecture of the emulator that you are using. In my case i’m running an emulator with Android x86 (on a Windows device), so i look under the x86 directory of the SuperSu ZIP archive. NB: If you are using Android 5.1 and above (or if you are getting some errors about Position Independent Executables [PIE]), what you need is the su.pie
binary, rather than the plain su
binary.
We now need to put the binary into the correct location as follows:
Make sure you are running adb as root using. Not sure why you need to remount, but for some reason it enables writing to the system partition, (after having used the -writable-system
directive).
adb root adb remount adb -e push C:\SuperSU-v2.79\x86\su.pie /system/xbin/su
Remember that if you are using an Android emulator with a version lower than Android 5.1 you likely will have to use the plain su
binary (not the su.pie
)
adb -e push C:\SuperSU-v2.79\x86\su /system/xbin/su
Not sure why, but some resources suggest that you need to push the binary to /system/bin/
for some Android versions. For good measure you can just do it, just incase.
Now we need to get into the emulator device through adb
and change the permissions of the su
binary.
adb -e shell su root cd /system/xbin/su chmod 06755 su
For good measure, if you also put the binary in /system/bin/su
you can also traverse into that directory and put the permissions of 06755
on the su
binary there in. (I can’t remember exactly whether i used 06755
, or just 755
as the permissions, but I seem to vaguely remember the former as what I used). Also i noticed that originally the permissions on the su
binary in the emulator had rwsr_x_x
permissions if i remember correct.
Step 3: Set the install
directive on the su
binary and set a daemon
I’m not entirely sure what is going on in this step, but it looks like the su
binary may have a --install
directive to install some more things (maybe??). I just followed [1] (from Android StackExchange).
su --install
Now we set up the daemon, (also taken from the same StackExchange post)
su --daemon&
Notice the ampersand (&) at the end of the line with no space before. This indicates that the daemon (service) should run in the background.
Step 4: Set SELinux to Permissive (i.e. turn off SELinux)
This step essentially turns off SELinux. Logically this step sounds like it should have come earlier, but for some reason it came at the end and still worked.
setenforce 0
In my situation, at this point the emulator seems to have hung/crashed. I just terminated it.
Now you can restart the emulator via the command line, or via Android Studio. It should start up successfully. If you had installed the SuperSu app then you can just run the app and it might prompt you that there is a new version of the binary. Install it via the “Normal” option (if prompted).
At this point everything should be working well, and you can test some other app that requires root permissions to verify that the su
binary is installed correctly and that the SuperSu (Gatekeeper) app fires correctly to “Grant” or “Deny” access to the requesting app.
References:
[2]. http://www.supersu.com/download
[4]. https://fedoraproject.org/wiki/SELinux/setenforce
[5]. https://www.cyberciti.biz/faq/howto-turn-off-selinux/
I can’t seem to get this to work on 7.1.1, it’s all fine until I run SuperSU’s install from the app when it causes the AVD to no longer boot. As a workaround, running setenforce 0, su –install and su –daemon& works fine, it’s just a bit of a pain
I’ve also got stuck waiting for the boot, I think it may have to do with the most recent SuperSU (2.82) not working correctly. Your workaround works, but if you don’t want to type those commands all the time, you can set them in an init script specifically for android.
“`
echo “#!/system/bin/sh” > /data/local/userinit.sh
echo “su –install” >> /data/local/userinit.sh
echo “su –daemon&” >> /data/local/userinit.sh
echo “setenforce 0” >> /data/local/userinit.sh
“`
https://android.stackexchange.com/questions/6558/how-can-i-run-a-script-on-boot
Hi,
I have followed all these steps in ubuntu 16.04, was a bit hard but after the whole process when i restarted the avd just a black screen is visible and it is not booting up, i am trying to root kitkat 4.4 .
Seems all previous comments discourage trying.
If it’s possible, can you share your rooted android vm through mega.nz
Sorry for the really late reply. Haven’t been working on this for a while. I’d have to look for the image. Perhaps it’s a bit late now.