Problems with here docs/strings in Android implementations of bash/mksh

Question

I've encountered several issues with process substitution and here docs/strings in the bash and mksh shells on Android.

Process substitution in bash fails for both privileged and unprivileged users.

$ cat < <(ls)
bash: /dev/fd/62: No such file or directory

bash's man page states:

Process substitution is supported on systems that support named pipes (FIFOs) or the /dev/fd method of naming open files.

Android lacks /dev/fd but we can resolve this issue by running the following command as su (or placing it in userinit.d to be run upon boot):

ln -s /proc/self/fd /dev/fd

This sort of process substitution is not supported in mksh, but we can get around this by using named pipes, file descriptors, and here docs/strings. Here docs/strings function well in both bash and mksh while run as root/su.

Herein lies the problem: here docs/strings fail for unprivileged users in both bash and mksh

$ cat <<< "string"
bash: cannot create temp file for here-document: Permission denied

$ cat <<< "string"
/system/bin/sh: can't create temporary file /data/local/sh5debnv.tmp: Permission denied

It is clear that the shells lacks access to a suitable /tmp folder. The shell variable TMPDIR appears to be involved.

I've temporarily modified the bashrc/mkshrc files to set TMPDIR to a world-writable directory in /data for [ $USER != root ]. This functions well when running scripts from adb/terminal but seems like a sloppy and potentially dangerous idea. Setting TMPDIR to /sdcard for instance works fine when calling scripts from 'Terminal Emulator for Android' but fails elsewhere.

I'd also like scripts to function reliably when called from unprivileged non-interactive shells (i.e. Tasker or other apps). Does anyone have any suggestions for what to set TMPDIR to, where to set it from (i.e. mkshrc/bashrc, userinit.d, or repack init.rc), or some entirely new solution?

Answer 1

You've pretty much answered your question here. These are some good questions though. mirabilos, creator and maintainer of mksh(official shell for Android), said a while ago that the reason the TMPDIR isn't there is for security reasons, but it's something Google and him are trying to sort out.

As for where to make your temporary directory, I would make it in /sdcard since that is accessible for non-root processes. This is the function I use in my /system/etc/mkshrc and /system/etc/bash/bashrc, the locations for mkshrc and bashrc in Android:

mktmp3(){
  [[ -e $TMPDIR ]] && [[ -w $TMPDIR ]] && return 0 || :

  [[ -e /sdcard ]] || {
    [[ -e /storage/emulated/0 ]] && ln -sf /storage/emulated/0 /sdcard
    }

  (( $USER_ID )) && {
    export TMPDIR=/sdcard/.tmp/$RANDOM
    mkdir -p $TMPDIR 2>/dev/null
  } || :

  (( $USER_ID )) || {
    busybox mount -o rw,remount /
    mkdir -p /tmp 2>/dev/null
    busybox mount -o ro,remount /
    busybox mount -t tmpfs -o rw /tmp /tmp
    export TMPDIR=/tmp/$RANDOM
    mkdir -p $TMPDIR 2>/dev/null
  }
}

mktmp3

That will make a fairly secure temporary directory for root and non-root that is randomly generated.