Changes: Adds test: when running application is updated with new security token this token shouldn't be gained by this application until it is rerun (test of child processes of applauncherd).

debian/changelog

@@ -3,6 +3,7 @@ applauncherd (3.0.1) unstable; urgency=low
   * Fixes: NB#273361 - Applaucherd is possible to start with wrong parameters
   * Changes: Updated list of libraries to preload
   * Fixes: NB#291089 - Installation of clock application fails when applauncherd daemon stopped
+  * Changes: Adds new test for applauncherd re-exec. Checking state of running application when it is updated.
 
  -- Alexey Shilov <alexey@trdhcp147241>  Mon, 14 Nov 2011 13:39:38 +0200
 

debian/rules

@@ -49,7 +49,7 @@ install: build
 	dh_installdirs
 
 	DESTDIR=debian/tmp make install
-	cp tests/harmattan/testapps/applauncherd-token-test_1.0_armel.deb debian/tmp/usr/share/fala_images
+	cp tests/harmattan/testapps/applauncherd-token-test_1.?_armel.deb debian/tmp/usr/share/fala_images
 	cp tests/harmattan/testapps/applauncherd-usrlib-test_1.?_armel.deb debian/tmp/usr/share/fala_images
 
 #tests/harmattan/testapps/applauncherd-token-test_1.0_armel.deb:

tests/harmattan/red-tests/tests.xml

@@ -79,12 +79,36 @@
     </set>
 
     <set name="TC_REEXEC" description="functional tests for security of applaucherd" feature="AF Basic Launcher daemon support">
-      <case name="applauncherd__test_reexec_when_new_token_is_installed" type="Functional" description="Checks that when new application is installed (facebookqml) containing new security token, then applauncherd gains this new security token" timeout="200" level="System" insignificant="true">
+      <pre_steps>
+        <step>initctl stop xsession/pkgm-timed-checks</step>
+      </pre_steps>
+      <case name="applauncherd__test_reexec_when_new_token_is_installed"
+            type="Functional" 
+            description="Checks that when new application is installed (facebookqml) containing new security token, then applauncherd gains this new security token" 
+            timeout="200" 
+            level="System" 
+            insignificant="true">
         <step expected_result="0">source /tmp/session_bus_address.user; DISPLAY=:0 `pyversions -d` /usr/share/applauncherd-testscripts/test-security.py test_reexec_when_new_token_is_installed</step>
       </case>
-      <case name="applauncherd__test_reexec_when_file_in_usrlib_modified" type="Functional" description="Test that reexec is triggered when a package modifies a file in /usr/lib" timeout="100" level="System" insignificant="true">
+      <case name="applauncherd__test_reexec_when_file_in_usrlib_modified" 
+            type="Functional" 
+            description="Test that reexec is triggered when a package modifies a file in /usr/lib"
+            timeout="100"
+            level="System"
+            insignificant="true">
         <step expected_result="0">source /tmp/session_bus_address.user; DISPLAY=:0 `pyversions -d` /usr/share/applauncherd-testscripts/test-func-launcher.py test_reexec_when_file_in_usrlib_modified</step>
       </case>
+      <case name="applauncherd__test_that_other_apps_dont_gain_new_token_on_update" 
+            type="Functional" 
+            description="Checks that when running application is upgraded and upgrade contains new token, then this runing application doesn't gain new token until it is restarted (re-exec of applauncherd don't have impact on child processes)." 
+            timeout="100" 
+            level="System" 
+            insignificant="true">
+        <step expected_result="0">source /tmp/session_bus_address.user; DISPLAY=:0 `pyversions -d` /usr/share/applauncherd-testscripts/test-security.py test_that_other_apps_dont_gain_new_token</step>
+      </case>
+      <post_steps>
+        <step>initctl start xsession/pkgm-timed-checks</step>
+      </post_steps>
       <environments>
           <scratchbox>false</scratchbox>
           <hardware>true</hardware>

tests/harmattan/testapps/applauncherd-token-test-1.1/applauncherd-token-test.conf

@@ -0,0 +1,9 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<aegisfs>
+  <mount point="/home/user/.applauncherd-token-test" type="shared" prot="encrypted">
+    <pstore name="applauncherd-token-test-protected" type="shared" flatten="no" />
+    <access type="read"  require="applauncherd-token-test::applauncherd-test-second-token" />
+    <access type="write" require="applauncherd-token-test::applauncherd-test-token" />
+  </mount>
+</aegisfs>
+

tests/harmattan/testapps/applauncherd-token-test-1.1/applauncherd-token-test.pro

@@ -0,0 +1,63 @@
+## This file is part of test package applauncherd-token-test
+#
+# Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
+# All rights reserved.
+#
+# Contact: Marek Ruszczak <ext-marek.ruszczak@nokia.com>
+#
+# This software, including documentation, is protected by copyright
+# controlled by Nokia Corporation. All rights are reserved. Copying,
+# including reproducing, storing, adapting or translating, any or all
+# of this material requires the prior written consent of Nokia
+# Corporation. This material also contains confidential information
+# which may not be disclosed to others without the prior written
+# consent of Nokia.
+##
+
+QMAKEVERSION = $$[QMAKE_VERSION]
+ISQT4 = $$find(QMAKEVERSION, ^[2-9])
+isEmpty( ISQT4 ) {
+    error("Use the qmake include with Qt4.4 or greater, on Debian that is qmake-qt4");
+}
+
+QT       += core
+QT       -= gui
+
+TARGET    = fala-token-test-app
+TEMPLATE  = app
+CONFIG   += warn_on link_pkgconfig
+CONFIG   += console
+CONFIG   -= app_bundle
+
+DESTDIR = bin
+OBJECTS_DIR = obj
+MOC_DIR = obj
+
+SOURCES += main.cpp
+
+# Flags to reduce binary size where possible
+QMAKE_CXXFLAGS += -fdata-sections -ffunction-sections
+QMAKE_LFLAGS += --discard-local --discard-all -Wl --gc-sections
+QMAKE_CXXFLAGS -= -O2
+QMAKE_CXXFLAGS += -Os
+
+unix {
+  #VARIABLES
+  isEmpty(PREFIX) {
+    PREFIX = /usr
+  }
+  BINDIR = $$PREFIX/bin
+  DATADIR =$$PREFIX/share
+
+  DEFINES += DATADIR=\\\"$$DATADIR\\\" PKGDATADIR=\\\"$$PKGDATADIR\\\"
+
+  #MAKE INSTALL
+
+  INSTALLS += target aegisfs_config
+
+  target.path =$$BINDIR
+
+  aegisfs_config.files = applauncherd-token-test.conf
+  aegisfs_config.path = /etc/aegisfs.d
+}
+

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/README

@@ -0,0 +1,6 @@
+The Debian Package applauncherd-token-test
+----------------------------
+
+This packeged is used to test that applauncherd is gaining custom tokens when installed appliaction is using a booster.
+
+ -- Marek Ruszczak <ext-marek.ruszczak@nokia.com>  Fri, 04 Nov 2011 16:05:43 +0200

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/applauncherd-token-test.aegis

@@ -0,0 +1,21 @@
+<aegis>
+  <provide>
+    <credential name="applauncherd-test-token" />
+    <credential name="applauncherd-test-second-token" />
+  </provide>
+  <request>
+       <credential name="GRP::upstart" />
+       <credential name="TrackerReadAccess" />
+       <credential name="applauncherd-test-token" />
+       <credential name="applauncherd-test-second-token" />
+       <for path="applauncherd-token-test::/usr/bin/fala-token-test-app" />
+  </request>
+  <request>
+    <credential name="applauncherd-test-token" />
+    <credential name="applauncherd-test-second-token" />
+    <for path="applauncherd-launcher::/usr/bin/applauncherd.bin" />
+  </request>
+  <request context="INSTALL">
+    <credential name="aegisfs::AegisFSMountAdd" />
+  </request>
+</aegis>

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/applauncherd-token-test.postinst

@@ -0,0 +1,3 @@
+#!/bin/sh
+
+aegisfs --install /etc/aegisfs.d/applauncherd-token-test.conf

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/changelog

@@ -0,0 +1,11 @@
+applauncherd-token-test (1.1) unstable; urgency=low
+
+  * adding additional custom credential token.
+
+ -- Marek Ruszczak <ext-marek.ruszczak@nokia.com>  Tue, 15 Nov 2011 15:33:16 +0200
+
+applauncherd-token-test (1.0) stable; urgency=low
+
+  * Initial Release.
+
+ -- Marek Ruszczak <ext-marek.ruszczak@nokia.com>  Fri, 04 Nov 2011 16:05:43 +0200

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/compat

@@ -0,0 +1 @@
+7

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/control

@@ -0,0 +1,22 @@
+Source: applauncherd-token-test
+Section: unknown
+Priority: extra
+Maintainer: Marek Ruszczak <ext-marek.ruszczak@nokia.com>
+Build-Depends: pkg-config, debhelper (>= 7.0.50~), libqt4-dev, applauncherd-dev, applauncherd, aegis-builder (>= 1.4), libmeegotouch-dev
+Standards-Version: 3.9.1
+
+Package: applauncherd-token-test
+Architecture: any
+Depends: ${shlibs:Depends}, ${misc:Depends}, libqt4-core, libqtgui4, applauncherd, libmeegotouchcore0
+Description: Application used to test applauncherd reexec
+ This application is used to test that installation of new security tokens
+ is properly handled by applauncherd deamon.
+
+Package: applauncherd-token-test-dbg
+Architecture: devel
+Depends: ${shlibs:Depends}, ${misc:Depends}, libqt4-core, libqtgui4, applauncherd, libmeegotouchcore0, applauncherd-token-test (= ${binary:Version})
+Description: Application used to test applauncherd reexec
+ This application with debug symbols is used to test that
+ installation of new security tokens is properly handled 
+ by applauncherd deamon.
+

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/copyright

@@ -0,0 +1,16 @@
+This work was packaged for Debian by:
+
+    Marek Ruszczak <ext-marek.ruszczak@nokia.com>  Fri, 04 Nov 2011 16:05:43 +0200
+
+Copyright:
+
+  Copyright (C) 2011 Nokia Corporation and/or its subsidiary(-ies).
+  All rights reserved.
+ 
+This software, including documentation, is protected by copyright
+controlled by Nokia Corporation. All rights are reserved. Copying,
+including reproducing, storing, adapting or translating, any or all
+of this material requires the prior written consent of Nokia
+Corporation. This material also contains confidential information
+which may not be disclosed to others without the prior written
+consent of Nokia.

tests/harmattan/testapps/applauncherd-token-test-1.1/debian/rules

@@ -0,0 +1,74 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+CFLAGS = -Wall -g
+
+APPNAME := applauncherd-token-test
+
+Makefile:
+	qmake-qt4
+
+build: build-stamp
+
+build-stamp: Makefile
+	dh_testdir
+
+	# Add here commands to compile the package.
+	$(MAKE)
+
+	touch $@
+
+clean: Makefile
+	dh_testdir
+	dh_testroot
+	rm -f build-stamp
+	$(MAKE) clean
+	dh_clean
+
+install:
+	dh_testdir
+	dh_testroot
+	dh_clean -k
+	dh_installdirs
+
+	# Add here commands to install the package into debian/your_appname
+	$(MAKE) INSTALL_ROOT=$(CURDIR)/debian/$(APPNAME) install
+
+aegis:
+	# setting up aegis credentials
+	aegis-deb-add -control debian/applauncherd-token-test/DEBIAN/control .. debian/applauncherd-token-test.aegis=_aegis
+	# aegis-deb-add -control debian/applauncherd-token-test-dbg/DEBIAN/control .. debian/applauncherd-token-test-dbg.aegis=_aegis
+
+# Build architecture-independent files here.
+binary-indep:
+# We have nothing to do by default.
+
+# Build architecture-dependent files here.
+binary-arch: install
+	dh_testdir
+	dh_testroot
+	dh_installdocs
+	dh_installexamples
+	dh_installman
+	dh_link
+	dh_strip --dbg-package=$(APPNAME)-dbg
+	dh_strip
+	dh_compress
+	dh_fixperms
+	dh_installdeb
+	dh_shlibdeps
+	dh_gencontrol
+	dh_md5sums
+	dh_builddeb
+
+binary: binary-indep binary-arch aegis
+.PHONY: build clean binary-indep binary-arch binary install configure
+

tests/harmattan/testapps/applauncherd-token-test-1.1/main.cpp

@@ -0,0 +1,9 @@
+#include <QtCore/QCoreApplication>
+
+int main(int argc, char *argv[])
+{
+    QCoreApplication a(argc, argv);
+
+    return a.exec();
+}
+

tests/harmattan/testscripts/test-security.py

@@ -16,6 +16,7 @@
 # of this file.
 
 import unittest
+import re
 from utils import *
 
 class SecurityTests(unittest.TestCase):
@@ -398,15 +399,14 @@ class SecurityTests(unittest.TestCase):
         packageFileName = '/usr/share/fala_images/applauncherd-token-test_1.0_armel.deb'
         packageName = 'applauncherd-token-test'
         token = 'applauncherd-token-test::applauncherd-test-token'
-        
-        #check that facebook is NOT installed
-        notInstaled, op = commands.getstatusoutput('dpkg -l %s' %(packageName))
-        if (notInstaled==0) :
+
+        #check that test package is NOT installed
+        if (isPackageInstalled(packageName)) :
             debug('Tested package "%s" is isntalled, removing it.' %(packageName))
             self.__test_reexec_remove_test_package(packageName)
 
         initialBoosters = get_booster_pid()
-        
+
         def waitFoNewBoosters(oldBoosters) :
             oldBoosters = set(oldBoosters)
             for i in range(3) :
@@ -415,7 +415,7 @@ class SecurityTests(unittest.TestCase):
                     return newBoosters
                 time.sleep(1)
             return None
-        
+
         #send sighup just in case to clear capabilites of applaucherd (prevent problems from other bugy installations)
         commands.getstatusoutput('kill -hup `pgrep applauncherd`')
 
@@ -433,7 +433,7 @@ class SecurityTests(unittest.TestCase):
 
             debug('Installing test packege "%s"...' %(packageName))
             st, op = commands.getstatusoutput('dpkg -i %s' %(packageFileName))
-            self.assertEqual(st, 0, 'Installation of "%s" failed see:\n%s'  %(packageName, op))
+            self.assertEqual(st, 0, 'Installation of "%s" failed (error code: %s) see:\n%s'  %(packageName, st, op))
             debug('...Instalation was successful.')
 
             newBoostersPids = waitFoNewBoosters(oldBoostersPids)
@@ -459,6 +459,75 @@ class SecurityTests(unittest.TestCase):
             debug('Restoring system to initial state: removing test package after test was complleted.')
             self.__test_reexec_remove_test_package(packageName)
 
+    def test_that_other_apps_dont_gain_new_token(self) :
+        """
+        Checks that when running application is upgraded and upgrade contains new token, then
+        this runing application doesn't gain new token until it is restarted  (re-exec of
+        applauncherd don't have impact on child processes).
+        It is assumed that application is boosted (run by invoker).
+        """
+
+        package1FileName = '/usr/share/fala_images/applauncherd-token-test_1.0_armel.deb'
+        package2FileName = '/usr/share/fala_images/applauncherd-token-test_1.1_armel.deb'
+        packageName = 'applauncherd-token-test'
+        firstToken = 'applauncherd-token-test::applauncherd-test-token'
+        secondToken = 'applauncherd-token-test::applauncherd-test-second-token'
+        appName = "fala-token-test-app"
+
+        #check that test package is NOT installed
+        if (isPackageInstalled(packageName)) :
+            debug('Tested package "%s" is isntalled, removing it.' %(packageName))
+            self.__test_reexec_remove_test_package(packageName)
+
+        versionSearch = re.compile(r"_(\d+(\.\d+)+)_\w+\.deb")
+        debug("Installing '%s' in version: %s" %(packageName, versionSearch.search(package1FileName).group(1)))
+        st, op = commands.getstatusoutput('dpkg -i %s' %(package1FileName))
+        self.assertEqual(st, 0, 'Installation of "%s" failed (error code: %s) see:\n%s'  %(packageName, st, op))
+        debug('...Instalation was successful.')
+
+        try :
+            p = run_app_as_user_with_invoker(appName, 'e')
+            appPid = wait_for_app(appName)
+            self.assert_(appPid, "Application '%s' was not launched successfuly" %(appName))
+
+            oldCredentials = get_creds(pid = appPid)
+            self.assert_(oldCredentials, "Failed to fetch credentials for application '%s' with pid: %s." %(appName, appPid))
+            self.assert_(firstToken in oldCredentials, "Expected credential '%s' not found for '%s' application."
+                         %(firstToken, appName))
+            self.assert_((packageName+"::"+packageName) in oldCredentials, "Default package credential '%s' not found for '%s' application."
+                         %(packageName+"::"+packageName, appName))
+            self.assert_(not (secondToken in oldCredentials), "Old version of %s shouldn't have '%s' token"
+                         %(appName, secondToken))
+
+            debug("Instaling upgrade of package '%s' with version %s" %(packageName, versionSearch.search(package2FileName).group(1)))
+            st, op = commands.getstatusoutput('dpkg -i %s' %(package2FileName))
+            self.assertEqual(st, 0, 'Upgrade of package "%s" failed (error code: %s) see:\n%s'  %(packageName, st, op))
+            debug('...Instalation was successful.')
+
+            newCredentials = get_creds(pid = appPid)
+            self.assert_(newCredentials, "Failed to fetch credentials for application '%s' with pid: %s. Application might have crush." %(appName, appPid))
+
+            credDiff = set(oldCredentials).symmetric_difference(set(newCredentials))
+            self.assertEqual(len(credDiff), 0, "Application '%s' has a diffrance in tokens: %s, after installing update (application was not restarted)."
+                         %(appName, credDiff))
+
+            kill_process(appName)
+            time.sleep(2)
+
+            p = run_app_as_user_with_invoker(appName, 'e')
+            appPid = wait_for_app(appName)
+            newCredentials = get_creds(pid = appPid)
+            credDiff = set(oldCredentials).symmetric_difference(set(newCredentials))
+            self.assertEqual(credDiff, set([secondToken]), "After rerun of '%s' it should gain only '%s' token, not: %s"
+                             %(appName, secondToken, credDiff))
+
+        finally:
+            debug('Restoring system to initial state: removing test package after test was complleted.')
+            kill_process(appName)
+            self.__test_reexec_remove_test_package(packageName)
+
+
+
 # main
 if __name__ == '__main__':
     # When run with testrunner, for some reason the PATH doesn't include