This is a tutorial to build KernelSU-Next (rifsxd) with SuSFS (simonpunk) integrated in to a GKI (Generic Kernel Image). This is used to gain escalation on your mobile device.

This tutorial will use Pixel 7a as an example (Pixel 7 / 8 can be used) and is geared towards using AVB Android14-11. Other interfaces can be used (the tutorial shows how to get this information), but you would need to, perhaps, fix hunks and / or rejects against the source that is applicable to your device, when using the patches. We will build using Ubuntu 24.0.4.2 on WSL2 (this requires virtualization to be on).

…..

Pre-requirements:
You will need adb / fastboot.
Install git (sudo apt-get update && sudo apt-get -y install git)
You will need magiskboot.
Install curl (sudo apt-get -y install curl).

You will need to perform a one-time wipe to turn off boot verification so you can boot and flash things you build, to properly test before committal. Please see below but do not remove the -w (wipe USERDATA), but add on the aforementioned flags before it, Thereafter, you will always pass the needed flags when you flash the monthly updates (but remove the -w).
Note: As per Avo and urkiu, leaving it on, doesn’t appear to prevent you from booting and flashing since SPL is being modified, however antezero ran in to some odd issues which prevented proper back / forth updates, so it is advised to turn it off, which requires a one-time wipe.

Grab the stock boot.img (referenced as boot-stock.img below) from the latest monthly update for your device (also update to the latest monthly update for your device prior (remove any ramdisk modifications you may have made (Magisk), remove -w after fastboot in flash-all script and replace with –disable-verity –disable-verification)):
https://developers.google.com/android/images#xxxxx
Replace xxxxx with the codename for your device.

Repo (Use manual install, its newer).

Put the path to it (repo) in your PATH:
export PATH=PATH_TO_REPO:$PATH
Replace PATH_TO_REPO with the /xxx/xxx/xxx path
You can make it permanent by adding it in to your shell’s .rc file (i.e. if you use BASH then at the end of ~/.bashrc) and source it after (source ~/.bashrc), so it can reflect in your current shell session.

…..

We will use android14-6.1 (Pixel 7 / 8).
You can get this information by unpacking the stock boot.img (see below) with magiskboot and taking note of the linux version string:
strings kernel | grep -i 'linux version'

…..

Grab manifest_xxxxx.xml from a Tagged build (click kernel under ‘kernel artifacts’):
https://source.android.com/docs/core/architecture/kernel/gki-android14-6_1-release-builds

After you click on manifest_xxxxx.xml, right click Download, copy link:
curl -o manifest_xxxxx.xml "LINK"

Clone susfs4ksu:
git clone https://gitlab.com/pershoot/susfs4ksu.git -b gki-android14-6.1-dev

mkdir gki-kernel
mkdir android-kernel

Pull down the repository:
cd gki-kernel
repo init -u https://android.googlesource.com/kernel/manifest
cp -p ../manifest_xxxxx.xml .repo/manifests
repo init -m manifest_xxxxx.xml
repo sync
cd ..

Create a mirror, which you will work against:
rsync -a --del gki-kernel/ gki-14

Copy SuSFS module and patches in:
cd gki-14
cp -p ../susfs4ksu/kernel_patches/fs/* common/fs
cp -p ../susfs4ksu/kernel_patches/include/linux/* common/include/linux
cp -p ../susfs4ksu/kernel_patches/50_add_susfs_in_gki-android14-6.1.patch common
cp -p ../susfs4ksu/kernel_patches/60_scope-minimized_manual_hooks.patch common

Patch:
cd common
patch -p1 < 50_add_susfs_in_gki-android14-6.1.patch
patch -p1 < 60_scope-minimized_manual_hooks.patch
cd ..

Pull down KernelSU-Next and execute setup:
curl -LSs "https://raw.githubusercontent.com/pershoot/KernelSU-Next/refs/heads/next-susfs/kernel/setup.sh" | bash -s next-susfs

Remove protected exports (also the patches) so Wi-Fi and Bluetooth will function:
sed -i '/^[[:space:]]"protected_exports_list"[[:space:]]:[[:space:]]"android\/abi_gki_protected_exports_aarch64",$/d' common/BUILD.bazel
rm common/android/abi_gki_protected_exports_ common/50_add_susfs_in_gki-android14-6.1.patch common/60_scope-minimized_manual_hooks.patch

Commit the changes in to your local repository:
cd common
git add -A
git commit -a -m "Add KernelSU-Next-susfs"
cd ..

Build:
tools/bazel run --config=fast --config=stamp --lto=thin //common:kernel_aarch64_dist -- --dist_dir=../android-kernel

Create a directory where you will use magiskboot to sort out SPL (Security Patch Level) using your stock image:
mkdir ../android-kernel/kernel
cd ../android-kernel/kernel
cp -p ../boot.img .
../../magiskboot unpack boot.img
../../magiskboot repack ../../boot-stock.img

…..


Test your boot image (new-boot.img is found in android-kernel/kernel directory you are in):
adb reboot bootloader or vol down and power
fastboot boot new-boot.img

If all looks well:
adb reboot bootloader
fastboot flash boot new-boot.img
fastboot reboot

…..

Install the latest susfs4ksu module (sidex15) through the KernelSU-Next Manager.

Enjoy!

…..

Sources:
pershoot/KernelSU-Next at next-susfs
pershoot/susfs4ksu/-/tree/gki-android14-6.1-dev
KernelSU-Next/KernelSU-Next: An advanced Kernel based root solution for Android
simonpunk/susfs4ksu/-/tree/gki-android14-6.1
sidex15/susfs4ksu-module: An addon root hiding service for KernelSU
backslashxx/KernelSU


« »