Check user groups in ConstructCommand and fallback to cvd_refresh_groups if necessary

This change introduces a check in ConstructCommand to ensure the user is a member of cvdnetwork, kvm, and render groups. If not, it executes the command via cvd_refresh_groups.

Assisted-by: Jetski <jetski@google.com>
Bug: b/510930737

Author: Databean

base/cvd/cuttlefish/host/commands/cvd/cli/BUILD.bazel

@@ -149,10 +149,12 @@ cf_cc_library(
         "//cuttlefish/common/libs/utils:contains",
         "//cuttlefish/common/libs/utils:files",
         "//cuttlefish/common/libs/utils:subprocess",
+        "//cuttlefish/common/libs/utils:users",
         "//cuttlefish/host/commands/cvd/instances:config_path",
         "//cuttlefish/host/commands/cvd/utils",
         "//cuttlefish/host/libs/config:config_constants",
         "//cuttlefish/result",
+        "//libbase",
         "@abseil-cpp//absl/strings",
         "@fmt",
     ],

base/cvd/cuttlefish/host/commands/cvd/cli/utils.cpp

@@ -26,12 +26,14 @@
 #include <vector>
 
 #include "absl/strings/str_cat.h"
+#include "android-base/file.h"
 #include "fmt/format.h"
 #include "fmt/ranges.h"  // NOLINT(misc-include-cleaner): version difference
 
 #include "cuttlefish/common/libs/fs/shared_fd.h"
 #include "cuttlefish/common/libs/utils/contains.h"
 #include "cuttlefish/common/libs/utils/files.h"
+#include "cuttlefish/common/libs/utils/users.h"
 #include "cuttlefish/host/commands/cvd/instances/config_path.h"
 #include "cuttlefish/host/commands/cvd/utils/common.h"
 #include "cuttlefish/host/libs/config/config_constants.h"
@@ -54,9 +56,24 @@ Result<void> CheckProcessExitedNormally(siginfo_t infop,
   }
 }
 
+static Command FixGroupsIfNecessary(const std::string& command_name,
+                                    const std::string& bin_path) {
+  bool in_required_groups =
+      InGroup("cvdnetwork") && InGroup("kvm") && InGroup("render");
+  if (in_required_groups) {
+    return Command(command_name).SetExecutable(bin_path);
+  } else {
+    const std::string refresh_groups =
+        android::base::GetExecutableDirectory() + "/cvd_refresh_groups";
+    return Command("cvd_refresh_groups")
+        .SetExecutable(refresh_groups)
+        .AddParameter(bin_path)
+        .AddParameter(command_name);
+  }
+}
+
 Result<Command> ConstructCommand(const ConstructCommandParam& param) {
-  Command command(param.command_name);
-  command.SetExecutable(param.bin_path);
+  Command command = FixGroupsIfNecessary(param.command_name, param.bin_path);
   for (const std::string& arg : param.args) {
     command.AddParameter(arg);
   }