telemetry: android: use both methods to access protected files

build/android/pylib/android_commands.py

 # Copyright (c) 2012 The Chromium Authors. All rights reserved.
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
 """Provides an interface to communicate with the device via the adb command.
 
 Assumes adb binary is currently on system path.
 """
 # pylint: disable-all
 
@@ skipping 279 matching lines @@
     self._potential_push_size = 0
     self._actual_push_size = 0
     self._external_storage = ''
     self._util_wrapper = ''
     self._system_properties = system_properties.SystemProperties(self.Adb())
     self._push_if_needed_cache = {}
     self._control_usb_charging_command = {
         'command': None,
         'cached': False,
     }
+    self._protected_file_access_method_initialized = None
+    self._privileged_command_runner = None
 
   @property
   def system_properties(self):
     return self._system_properties
 
   def _LogShell(self, cmd):
     """Logs the adb shell command."""
     if self._device:
       device_repr = self._device[-4:]
     else:
@@ skipping 787 matching lines @@
     i = 0
     while self.FileExistsOnDevice(
         self.GetExternalStorage() + '/' + base_name % i):
       i += 1
     return self.GetExternalStorage() + '/' + base_name % i
 
   def RunShellCommandWithSU(self, command, timeout_time=20, log_result=False):
     return self.RunShellCommand('su -c %s' % command, timeout_time, log_result)
 
   def CanAccessProtectedFileContents(self):
-    """Returns True if Get/SetProtectedFileContents would work via "su".
+    """Returns True if Get/SetProtectedFileContents would work via "su" or adb
+    shell running as root.
 
     Devices running user builds don't have adb root, but may provide "su" which
     can be used for accessing protected files.
     """
-    r = self.RunShellCommandWithSU('cat /dev/null')
-    return r == [] or r[0].strip() == ''
+    return (self._GetProtectedFileCommandRunner() != None)
+
+  def _GetProtectedFileCommandRunner(self):
+    """Finds the best method to access protected files on the device.
+
+    Returns:
+      1. None when privileged files cannot be accessed on the device.
+      2. Otherwise: A function taking a single parameter: a string with command
+         line arguments. Running that function executes the command with
+         the appropriate method.
+    """
+    if self._protected_file_access_method_initialized:
+      return self._privileged_command_runner
+
+    def IsValidAuxContents(contents):
+      # The leading 4 or 8-bytes of auxv vector is a_type. There are not many
+      # reserved a_type values, hence byte 2 must always be '\0' for a realistic
+      # auxv. See /usr/include/elf.h.
+      return len(contents) > 0 and (contents[0][2] == '\0')
+
+    self._privileged_command_runner = None
+    self._protected_file_access_method_initialized = True
+
+    # Get contents of the auxv vector for the init(8) process from a small
+    # binary file that always exists on linux and is always read-protected.
+    contents = self.RunShellCommand('cat /proc/1/auxv')
+    if IsValidAuxContents(contents):
+      # Protected data is available without SU, hence adb is running as root.
+      self._privileged_command_runner = self.RunShellCommand
+      return self._privileged_command_runner
+    contents = self.RunShellCommandWithSU('cat /proc/1/auxv')
+    if IsValidAuxContents(contents):
+      # Protected data is available when asked with SU.
+      self._privileged_command_runner = self.RunShellCommandWithSU
+    return self._privileged_command_runner

[bulach, 2014/04/29 13:42:02]

well, there's some small duplication here, we could minimize it by naming the
function a "Setter" or something... the cat command, the if and the actual
self.RunShell... would appear only once, something like:

def SetPriviledgedCommandRunner(self, fn):
  contents = fn('cat /proc/1/auxv')
  if len(contents) and ...:
    self._priviledged_command_runner = fn
    return True
  return False

if not self.SetPriviledgedCommandRunner(self, self.RunShellCommand) and
   not self.SetPriviledgedCommandRunner(self, self.RunShellCommandWithSU):
  logging.warning('Could not ...')
  self._priviledged_command_runner = lambda(x, y: return [])
return self._priviledged_command_runner

[pasko, 2014/04/29 14:02:56]

oh, that's more elegant than I thought it would be. I would like the warning to
say what file we failed on, but that's orthogonal.


There is yet another possibility:

def PrivilegedCommandWorks(self, command):
  contents = command('cat /proc/1/auxv')
  return len(contents) > 0 and (contents[0][2] == '\0')

self._privileged_command_runner = None
for cmd in [self.RunShellCommand, self.RunShellCommandWithSU]:
  if PrivilegedCommandWorks(cmd):
    self._privileged_command_runner = cmd
    break

return self._privileged_command_runner

 
   def GetProtectedFileContents(self, filename):
     """Gets contents from the protected file specified by |filename|.
 
-    This is less efficient than GetFileContents, but will work for protected
-    files and device files.
+    This is potentially less efficient than GetFileContents.
     """
-    # Run the script as root
-    return self.RunShellCommandWithSU('cat "%s" 2> /dev/null' % filename)
+    command = 'cat "%s" 2> /dev/null' % filename
+    command_runner = self._GetProtectedFileCommandRunner()
+    if command_runner:
+      return command_runner(command)
+    else:
+      logging.warning('Could not access protected file: %s' % filename)
+      return []
 
   def SetProtectedFileContents(self, filename, contents):
     """Writes |contents| to the protected file specified by |filename|.
 
-    This is less efficient than SetFileContents, but will work for protected
-    files and device files.
+    This is less efficient than SetFileContents.
     """
     temp_file = self._GetDeviceTempFileName(AndroidCommands._TEMP_FILE_BASE_FMT)
     temp_script = self._GetDeviceTempFileName(
         AndroidCommands._TEMP_SCRIPT_FILE_BASE_FMT)
 
     # Put the contents in a temporary file
     self.SetFileContents(temp_file, contents)
     # Create a script to copy the file contents to its final destination
     self.SetFileContents(temp_script, 'cat %s > %s' % (temp_file, filename))
-    # Run the script as root
-    self.RunShellCommandWithSU('sh %s' % temp_script)
+
+    command = 'sh %s' % temp_script
+    command_runner = self._GetProtectedFileCommandRunner()
+    if command_runner:
+      return command_runner(command)
+    else:
+      logging.warning('Could not set contents of protected file: %s' % filename)
+
     # And remove the temporary files
     self.RunShellCommand('rm ' + temp_file)
     self.RunShellCommand('rm ' + temp_script)
 
   def RemovePushedFiles(self):
     """Removes all files pushed with PushIfNeeded() from the device."""
     for p in self._pushed_files:
       self.RunShellCommand('rm -r %s' % p, timeout_time=2 * 60)
 
   def ListPathContents(self, path):
@@ skipping 774 matching lines @@
   """
   def __init__(self, output):
     self._output = output
 
   def write(self, data):
     data = data.replace('\r\r\n', '\n')
     self._output.write(data)
 
   def flush(self):
     self._output.flush()