this post was submitted on 12 May 2024
1 points (66.7% liked)

GrapheneOS

124 readers
1 users here now

A community for GrapheneOS related questions and discussion.

founded 1 year ago
MODERATORS
 

So I really want GrapheneOS but I also want to have my phone rooted to have some features (like Aurora/Droid-ify background updates) but I don't know if this is incompatible and searching it on Google showed some old posts and forum discussions.

I know and I understand that rooting my phone basically breaks the logic of using GrapheneOS, but I still want to do it, is it possible?

I mean "possible" because from what I understand, when you flash a custom rom you need to format your whole phone, but the same process when rooting your phone, so it's possible?

top 2 comments
sorted by: hot top controversial new old
[โ€“] j4k3 2 points 6 months ago (1 children)

I don't know of a way to add a SU or SUDO binary. It is really dumb to do so if you have a basic understanding of the hardware and how the whole system works. Your hardware is untrusted from the get go. It is sandboxed but the presence of the root binary breaks that sandbox entirely. They have access to all the binaries in essence, but it is the lack of binaries capable of making changes to take control that protects you along with the SELinux context for each directory and application. All apps have an enormous amount of freedom inside their sandboxes. They are more like Linux users themselves than they are some software application. With every application you're basically trusting the developer to exist along side you on your device. This is the mechanism that enables users to have no background knowledge or interest in security and still have a functional device. The developer is given all the needed access in a sandbox where they have enormous access to the device; they are doing all the work for you. If the root binary, wget, or curl are present on the device, every app is a root kit to do whatever they want. In addition, the code on android apps is fail safe because of the lack of these binaries. They have super buggy junk code as standard. This only works because of no root.

All that said, I think you'd have to compile from source to add such a binary manually, but I could've wrong. IIRC, the root directory is accessible when USB is plugged in and the options enabled.

[โ€“] [email protected] 2 points 6 months ago

Thanks for the explanation, I didn't know that worked like that.