The critical update to supolicy is best explained in the man’s own words:
Due to an initialization bug, introduced in v2.68 BETA, some SELinux contexts (including shell and untrusted_app) could be granted sys_module capability. If this happens, and your kernel is compiled with module loading support (most modern stock kernels have this disabled) and an exploit is used to gain uid 0,
this then allows for a complete SELinux bypass and kernel pwn.
Chainfire mentions that the exact combination required for this vulnerability make the chances of its exploitation very slim. Nonetheless, it is a vulnerability, which is now fixed in this release. Hence, it is recommended to update SuperSU by flashing the SuperSU zip as the apk update would not be sufficient in this particular instance.
The rest of the changelog is as below:
- subinary: Adjust app_process detection with manipulated mount namespaces
- subinary: Adjust Zygote PID detection to prefer 64-bit
- subinary: Fix possible NPE in LD_PRELOAD sanitization
- subinary: In systemless mode, ensure PATH contains /su/bin and /su/xbin
- supolicy: Ensure zero-on-alloc for new rules
- supolicy: Fix parsing allowxperm with multiple sources/targets in a single definition
- ZIP/Systemless: Give su.d 60 seconds to execute (from 4 seconds)
Apart from this, this v2.78 SR1 also brings a change to the versioning system used by SuperSU. With this update, SuperSU is moving from BETA to Service Release naming scheme. The next test release would be using the same main version number as the current stable release, meaning that v2.78 SR1 would have been called v2.79 Beta otherwise.
The version numbers are to be kept the same to reduce the effectiveness of people trying to upload the test releases to app stores outside of Google Play, as most non-Play stores do not accept a version number already present.
You can download the flashable zip for v2.78 SR1 from here.
Chainfire also took the moment to mention some upcoming announcements related to Coding Code Mobile Technology LLC.