Touching the system partition isn’t the only thing one would do with root. And if the ROM ships su in the ROM, there’s no problem of being out of sync with upstream or even not passing boot verification.
It does open up an attack surface against the app that provides the UI to gate root access. But that has to be considered against the “availability” arm of the security triad.
Touching the system partition isn’t the only thing one would do with root. And if the ROM ships su in the ROM, there’s no problem of being out of sync with upstream or even not passing boot verification.
It does open up an attack surface against the app that provides the UI to gate root access. But that has to be considered against the “availability” arm of the security triad.