Android privilege escalation has been transformed by rooting frameworks such as KernelSU, APatch, and SKRoot, which use advanced kernel patching techniques to enable unauthorized code execution at the kernel level.
These tools hook into critical system calls, such as prctl, to establish covert channels between user-space manager apps and kernel space, enabling operations like SELinux policy modifications and root privilege grants.
https://gbhackers.com/attackers-need-ju ... erability/
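A defender-side sketch of the prctl channel described above, as an added example that is not code from the article or from any of the frameworks it names: it scans strace-style output for prctl calls whose option number is not a documented PR_* value. The input format, the 255 ceiling, and the sample lines (including the value 0xabad1dea) are assumptions constructed for illustration.

```python
import re

# Assumptions for this example (not taken from the article):
# - input is strace-style text, one syscall per line, prefixed with the PID
# - documented prctl options are small integers; 255 is an assumed, generous ceiling
# - two documented options are large magic numbers (from linux/prctl.h)
MAX_DOCUMENTED_OPTION = 255
LARGE_DOCUMENTED = {0x59616D61: "PR_SET_PTRACER", 0x53564D41: "PR_SET_VMA"}

PRCTL_RE = re.compile(r"^(?P<pid>\d+)\s+prctl\((?P<opt>[^,)]+)")

def parse_option(token):
    """Return the numeric option, or None when the tracer already decoded a PR_* name."""
    first = token.strip().split()[0]      # drop trailing "/* PR_??? */" annotations
    if first.startswith("PR_"):
        return None
    try:
        return int(first, 0) & 0xFFFFFFFF  # option is a C int; normalise negatives
    except ValueError:
        return None

def find_suspicious_prctl(lines):
    """Return [(pid, option)] for prctl calls using an undocumented option number."""
    hits = []
    for line in lines:
        m = PRCTL_RE.match(line)
        if not m:
            continue
        opt = parse_option(m.group("opt"))
        if opt is None or opt in LARGE_DOCUMENTED:
            continue
        if opt > MAX_DOCUMENTED_OPTION:
            hits.append((int(m.group("pid")), opt))
    return hits

# Constructed sample trace; the flagged value is a placeholder, not a real framework's.
SAMPLE = [
    '4121 prctl(PR_SET_NAME, "worker") = 0',
    '4121 prctl(0x53564d41, 0, 0x7f0000000000, 4096, "heap") = 0',
    '5230 openat(AT_FDCWD, "/proc/self/status", O_RDONLY) = 3',
    '5230 prctl(0xabad1dea /* PR_??? */, 0x1, 0, 0, 0x7ffc1000) = -1 EINVAL',
]

if __name__ == "__main__":
    for pid, opt in find_suspicious_prctl(SAMPLE):
        print(f"pid {pid}: prctl with undocumented option {opt:#x}")
```

A hit is a lead for triage rather than proof of a rooting framework; correlate it with the calling app's identity and any SELinux policy changes on the device.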