How to Root Marshmallow with SuperSU 2.52 and Modified Boot image [SELinux: Enforcing]

  Update: SuperSU 2.52 now available.

Chainfire has just made a come back with root for Marshmallow and updated beta of SuperSU (v2.50), which combined with modified boot images, can root your Nexus device while keeping SELinux in Enforcing mode.

We’ve discussed in length about the security concern of running SELinux in permissive mode in our post Root and Android 6.0 Marshmallow. It’s pretty serious from the security point-of-view.

Thanks to Chainfire though, you can now root your Nexus device on Marshmallow with SELinux in Enforcing mode. All you’ve to do is flash the modified boot.img file first, and then flash the SuperSU v2.52 via TWRP recovery.

Chainfire has provided modified boot.img for all Nexus devices which received the MRA58K Android 6.0 update.

Download modified boot.img

Note: The modified boot images may cause a factory reset, specifically on Nexus 6 and Nexus 9.

How to Root
  1. Setup ADB and Fastboot on your PC.
  2. Download and install TWRP recovery:
    TWRP links: Nexus 5 | Nexus 6 | Nexus 9 | Nexus Player | Nexus 7 2013 (WiFi), (LTE)
    How to Install TWRP recovery.
  3. Download the modified boot image file for your device from the downloads section above and extract/unzip the file to get boot.img file.
  4. Boot your Nexus device into bootloader mode and flash the boot.img file using the following command:
    fastboot flash boot boot.img
  5. Download and flash the latest SuperSU zip beta (v2.52).

That’s all. All credits for the modified boot files and SuperSU v2.52 goes to Chainfire. Check out his original post at xda over here.

Happy Androiding!

Posted by
Shivam Malani

Shivam is our resident designer and web developer who also enjoys writing. He loves to meditate, drive on the freeways and hunt for snipers during his Call Of Duty playtime. Email: [email protected]

8 Comments

  1. […]  How to Root Marshmallow with SuperSU 2.50 and Modified Boot image […]

  2. If you want to trust your device’s root to a binary blob produced by an unknown company, that puts a lot of selinux into permissive mode (the title of this thread is VERY misleading, since supersu puts a lot of domains into permissive, just check your kernel audit log for proof, look for “enforcing=0” to see what is permissive), then by all means, use supersu.

    If you like to actually be secure, and maintain some degree of control over what applications can actually do WITH root, maintain your selinux policy FULLY enforcing, and fully open and be able to actually audit the code you are trusting with your security, you should consider this instead;

    https://github.com/lbdroid/AOSP-SU-PATCH

  3. If you want to trust your device’s root to a binary blob produced by an unknown company, that puts a lot of selinux into permissive mode (the title of this thread is VERY misleading, since supersu puts a lot of domains into permissive, just check your kernel audit log for proof, look for “enforcing=0” to see what is permissive), then by all means, use supersu.

    If you like to actually be secure, and maintain some degree of control over what applications can actually do WITH root, maintain your selinux policy FULLY enforcing, and fully open and be able to actually audit the code you are trusting with your security, you should consider this instead;

    https://github.com/lbdroid/AOSP-SU-PATCH

  4. […] How to Root Marshmallow with SuperSU 2.52 and Modified Boot image [SELinux: Enforcing] https://nerdschalk.com/root-marshmallow-supersu-2-50-selinux-enforcing/ […]

  5. […] Overly simplified instructions, based on the fine works of Androiding.how […]

Leave a Reply

Your email address will not be published. Required fields are marked *