Chainfire Discusses SuperSU and Problems With The Note 7
Earlier today Chainfire took to Google+ to discuss progress with the Note 7 and SuperSU, explaining that as the Note 7’s release has been delayed in some countries he has had to work via remote debugging. Thankfully, with the aid of Dr.Ketan and SeraphSephiroth it is now working. However it is not all good news.
“As isn’t uncommon with Samsung, they’ve built-in some new (and arguably ineffective to actual exploits) protections directly to the kernel code, that cannot be turned off by just modifying the boot image ramdisk.
This time, they’ve decided to kernel panic in case a ‘priviliged’ process (uid or gid below or equal to 1000, so this includes root and system processes) creates another process that isn’t stored in /system or rootfs. SuperSU itself does this, but so do a great many root apps. Any time this happens: immediate reboot.” – Chainfire
About a 100 CF-Auto-Roots have been updated yesterday and today
— Chainfire XDA (@ChainfireXDA) August 26, 2016
Aside from the binary/hex patch SuperSU employs (see common/hexpatch inside the ZIP), there are some more ways to get around this protection.
If you’re compiling kernels from source, it seems that setting CONFIG_RKP_NS_PROT=n gets rid of these protections. You may want to disable other RKP and TIMA settings as well, but that is the one directly relating to this issue.
This protection also disables itself in recovery mode, so simply copying a boot image with these protections to the recovery partition and rebooting into recovery (which will then just launch Android) will work beautifully as well.
As mentioned above a lot of future development for the device relies heavily on how Samsung react and adapt in the coming updates, but for now you can find the official SuperSU Beta for the Note 7 thread here, and a TWRP flashable zip here.