The process of gaining super user privileges on an Android device is commonly called rooting. The system super user account is ubiquitously called root, hence the term rooting. This special account has rights and permissions over all files and programs on a UNIX-based system. It has full control over the operating system.
There are many reasons why someone would like to achieve administrative privileges on an Android device. For the purposes of this book, our primary reason is to audit the security of an Android device without being confined by UNIX permissions. However, some people want to access or alter system files to change a hard-coded configuration or behavior, or to modify the look and feel with custom themes or boot animations. Rooting also enables users to uninstall pre-installed applications, do full system backups and restores, or load custom kernel images and modules. Also, a whole class of apps exists that require root permissions to run. These are typically called root apps and include programs such as iptables-based firewalls, ad-blockers, overclocking, or tethering applications.
Regardless of your reason to root, you should be concerned that the process of rooting compromises the security of your device. One reason is that all user data is exposed to applications that have been granted root permissions. Further, it could leave an open door for someone to extract all user data from the device if you lose it or it is stolen, especially if security mechanisms (such as boot loader locks, or signed recovery updates) have been removed while rooting it.
Rooting your device, if you do not know what you are doing, can cause your phone to stop functioning correctly. This is especially true if you modify any system files. Thankfully, most Android devices can be returned to the stock factory state if needed.
Understand the Partition Layout
Partitions are logical storage units or divisions made inside the device’s persistent storage memory. The layout refers to the order, offsets, and sizes of the various partitions. The partition layout is handled by the boot loader in most devices, although in some rare cases it can also be handled by the kernel itself. This low-level storage partitioning is crucial to proper device functionality. The partition layout varies between vendors and platforms. Two different devices typically do not have the same partitions or the same layout. However, a few partitions are present in all Android devices. The most common of these are the boot, system, data, recovery, and cache partitions. Generally speaking, the device’s NAND flash memory is partitioned using the following partition layout:
- boot loader: Stores the phone’s boot loader program, which takes care of initializing the hardware when the phone boots, booting the Android kernel, and implementing alternative boot modes such as download mode.
- splash: Stores the first splash screen image seen right after powering on the device. This usually contains the manufacturer’s or operator’s logo. On some devices, the splash screen bitmap is embedded inside the boot loader itself rather than being stored in a separate partition.
- boot: Stores the Android boot image, which consists of a Linux kernel (zImage) and the root file system ram disk (initrd).
- recovery: Stores a minimal Android boot image that provides maintenance functions and serves as a failsafe.
- system: Stores the Android system image that is mounted as /system on a device. This image contains the Android framework, libraries, system binaries, and pre-installed applications.
- userdata: Also called the data partition, this is the device’s internal storage for application data and user files such as pictures, videos, audio, and downloads. This is mounted as /data on a booted system.
- cache: Used to store various utility files such as recovery logs and update packages downloaded over-the-air. On devices with applications installed on an SD card, it may also contain the dalvik-cache folder, which stores the Dalvik Virtual Machine (VM) cache.
- radio: A partition that stores the baseband image. This partition is usually present only on devices with telephony capabilities.
Determining the Partition Layout
You can obtain the partition layout of a particular device in several ways. First, you can look at the contents of the partitions entry in the /proc file system. Following are the contents of this entry on a Samsung Galaxy Nexus and Samsung Galaxy Note Pro running Android 4.2.1:
In addition to the proc entry, it is also possible to get a mapping of these device files to their logical functions. To do this, check the contents of the System-on-Chip (SoC) specific directory in /dev/block/platform. There, you should find a directory called by-name, where each partition name is linked to its corresponding block device. The following excerpt shows the contents of this directory on the same Samsung Galaxy Nexus as the previous example.
shell@android:/dev/block/platform/omap/omap_hsmmc.0/by-name $ ls -l
lrwxrwxrwx root root 2013-01-30 20:43 boot -> /dev/block/mmcblk0p7
lrwxrwxrwx root root 2013-01-30 20:43 cache -> /dev/block/mmcblk0p11
lrwxrwxrwx root root 2013-01-30 20:43 dgs -> /dev/block/mmcblk0p6
lrwxrwxrwx root root 2013-01-30 20:43 efs -> /dev/block/mmcblk0p3
lrwxrwxrwx root root 2013-01-30 20:43 metadata -> /dev/block/mmcblk0p13
lrwxrwxrwx root root 2013-01-30 20:43 misc -> /dev/block/mmcblk0p5
lrwxrwxrwx root root 2013-01-30 20:43 param -> /dev/block/mmcblk0p4
lrwxrwxrwx root root 2013-01-30 20:43 radio -> /dev/block/mmcblk0p9
lrwxrwxrwx root root 2013-01-30 20:43 recovery -> /dev/block/mmcblk0p8
lrwxrwxrwx root root 2013-01-30 20:43 sbl -> /dev/block/mmcblk0p2
lrwxrwxrwx root root 2013-01-30 20:43 system -> /dev/block/mmcblk0p10
lrwxrwxrwx root root 2013-01-30 20:43 userdata -> /dev/block/mmcblk0p12
lrwxrwxrwx root root 2013-01-30 20:43 xloader -> /dev/block/mmcblk0p1
Further still, there are other places where you can obtain information about the partition layout. The /etc/vold.fstab file, the recovery log (/cache/recovery/last_log), and the kernel logs (via dmesg or /proc/kmsg) are known to contain partition layout information in some cases. If all else fails, you can find some information about partitions using the mount command or examining /proc/mounts.
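The two sources above can be joined into a single view of the layout: the by-name symlinks give each partition's logical name, and /proc/partitions gives each block device's size. The following shell helper is an added example (not from the book); `map_partitions` and `build_sample` are hypothetical names, and the sample partition sizes are constructed so the script runs off-device.

```sh
#!/bin/sh
# Added example (not from the book): join the by-name symlinks with
# /proc/partitions to print "name -> block device (size)" for each partition.
# Assumes /proc/partitions columns of: major minor #blocks name
# and a by-name directory of symlinks, as in the Galaxy Nexus listing above.

# map_partitions <by-name dir> <partitions file>
map_partitions() {
    byname=$1
    parts=$2
    for link in "$byname"/*; do
        [ -L "$link" ] || continue
        name=$(basename "$link")
        dev=$(readlink "$link")
        base=$(basename "$dev")
        # third column of /proc/partitions is the size in 1 KiB blocks
        size=$(awk -v d="$base" '$4 == d { print $3 }' "$parts")
        printf '%s -> %s (%s KiB)\n' "$name" "$dev" "${size:-unknown}"
    done
}

# build_sample <dir>: create a constructed by-name tree and partitions file
# so the mapping can be exercised off-device. The sizes are made up.
build_sample() {
    dir=$1
    mkdir -p "$dir/by-name"
    ln -s /dev/block/mmcblk0p7  "$dir/by-name/boot"
    ln -s /dev/block/mmcblk0p8  "$dir/by-name/recovery"
    ln -s /dev/block/mmcblk0p10 "$dir/by-name/system"
    ln -s /dev/block/mmcblk0p12 "$dir/by-name/userdata"
    cat > "$dir/partitions" <<'EOF'
major minor  #blocks  name

 179        0   15388672 mmcblk0
 179        7       8192 mmcblk0p7
 179        8      12224 mmcblk0p8
 179       10     669696 mmcblk0p10
 179       12   14539776 mmcblk0p12
EOF
}

# On a real device (adb shell) the platform directory is SoC-specific, e.g.:
# map_partitions /dev/block/platform/omap/omap_hsmmc.0/by-name /proc/partitions
# Off-device demonstration on the constructed sample:
tmp=$(mktemp -d)
build_sample "$tmp"
map_partitions "$tmp/by-name" "$tmp/partitions"
rm -rf "$tmp"
```

On older devices whose toolbox lacks readlink, `ls -l` on the by-name directory (as in the listing above) shows the same symlink targets.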
Before rooting an Android device, you need to understand how Android's boot process works, so that you can tell a locked boot loader from an unlocked one, because rooting a device with an unlocked boot loader differs from rooting a device with a locked boot loader.