When Google brought Lollipop into the world, it also put SELinux into enforcing mode on all stock devices. This makes the system partition of a stock Lollipop device read-only by default. Everyone was worried about the future of the Android hacker scene, but we shouldn’t have been, as it was quickly shown that a custom kernel could be used to bypass the limitations of SELinux. We reported on a detailed explanation of the state of root for Lollipop given by well-known SuperSU developer Chainfire.
While rooting the Nexus 9 is not as straightforward as on previous generations of Nexus devices, it is still relatively easy. Obtaining root does require a custom kernel or kernel ramdisk modifications, but thanks to the hard work of Chainfire it is easy for us.
It now seems that Chainfire has kept working on the rooting process, as he has discovered a way to root a Lollipop device without a custom kernel. Chainfire has implemented a way to access root by using the zygote process, which is responsible for launching all apps installed on a device. This allows users to obtain root access without any kernel modifications. While this shines some light back onto the prospect of rooting devices with locked bootloaders, it is important to note that Google can fix it with only a single line of code, and it may already have done so given the large number of SELinux additions to the AOSP in the past few months.
Going forward, it is likely that this hole will be patched, and it will be back to the drawing board for those with locked-bootloader devices, as a patched kernel will be required for root once more. The safest path for those who want root access to their device is to buy a device that has an unlockable bootloader (and particularly one whose manufacturer doesn’t cripple the software when you unlock it).
It is important to know that this method is still only in beta form, so I would suggest not testing it out unless you are comfortable using fastboot and adb to recover from any bootloops that may occur. From the keyboard of Chainfire himself:
I should warn you however that this method is more invasive, and has a higher chance of bootloops. Probably the highest-bootloop-risk beta in quite a while. Please make sure you have a backup before flashing it.
If you do want to check it out, head over to the XDA SuperSU Beta thread and hack away. Let us know in the comments how successful it is for you.