On the emulator provided with the SDK r10,
you can get a root shell executing "adb shell" from your host computer.
Once you have such root shell, you cat follow this steps to get a
command that can log you as root from the terminal emulator:
# Remount /data to allow executables and setuids on itmount-o remount,rw/dev/block/mtdblock1/data# There's no "cp" command on Androidcat/system/bin/sh>/data/su# Give setuid permissions to the shellchmod7755/data/su
Now, from the emulator, just run "/data/su" and that's it, you're
root.
The normal "/system/xbin/su" command included in the SDK performs
internal user id checks, so these commands...
mount-o remount,rw/dev/block/mtdblock0/system
chmod7755/system/xbin/su
...just won't work. There's no way to trick /system/xbin/su to allow
the normal user (UID 10018 in my case) to become root.
Please note that dealing with setuid programs can be a security risk
(not higher than having a universal "su" command, though). Use this
solution at your own risk.