How do I push files to my root ( / ) directory with ADB so I can install the `su` binary

I've just adb shell'd into my root directory on my device and I want to install the su binary. Just to note, I'm on macOS and want to do this manually.

When I try to push the su binary to the root directory (not on SDCard), I get this error:

$ cp /sdcard/su /system/bin
cp: /system/su: Read-only file system

How do I push the su binary to /system/bin?

(My tablet is an Acer Iconia Tab 10 A3-A30)

Basically, I just want to root it but I can't find any details on unlocking the bootloader or any apps that work with this tablet.

Short version: Unfortunately, the naive approach of just pushing "su" won't work. You can verify that (unless your "su" binary is using an exploit), even "adb push su /data/local/tmp/" and then executing it from there won't work.

Detailed version:

Android 5.0 brought two fundamental changes: The first was the sealing of the root and other filesystems, so that they are not only mounted read-only, but they are also verified by DM-verity, such that if they ARE mounted read/write, changes will not be accepted.

The second was the introduction of SE-Linux (along with another change, deprecating setuid binaries), as an extra level of what is known as "Mandatory Access Control". This (as opposed to chmod/chown/etc "Discretionary Access Control") means that there is an overarching "security policy", which - once installed - cannot be overridden in any way.

There are thus two ways to root your device:

A) upload a "su" style binary which would somehow find a way around SE-Linux and grant you root privileges. This necessitates exploitation of a security vulnerability to achieve kernel memory access and "patching" of the shell credentials. These are rare enough to be discounted since these vulnerabilities are quickly patched (exceptions being MediaTek devices, for which mtk-su works well).

B) boot the device in a "boot loader unlocked" mode (which you've indeed referred to) in which a pre-patched kernel, with a modified security policy and a root filesystem (technically ,Ramdisk) with a pre-made su and an enabled daemon can be used to give you super user privileges on demand. This was started by ChainFire's 'supersu', and is now the de facto method of Magisk.

Therefore, your question is very much at a dead end. You could modify the root filesystem and install the "older" form of su if this were a development build (as would be shown by "getprop ro.debuggable" or "getprop ro.build.fingerprint" with "eng" it. But, this will not work on a release (retail) device.

Your best bet is to

• A) get the OTA or factory image of your tablet in question.
• B) get the boot.img from it
• C) Patch the boot.img using magisk (on device, through /sdcard/Download) or imjtool
• D) Enable boot loader unlocking (not guaranteed to be available) through Developer Options
• E) put device in fastboot mode ("adb reboot bootloader" should do)
• F) Use "fastboot flashing unlock" on host when device is thus connected. Approve unlocking
• G) use "fastboot boot " or (when you are certain it works) "fastboot flash boot "
• H) Hope for the best