Skip to content

Turbo Launcher

Validate Launcher UI behavior for authorization, visibility, policy reload/fail‑closed posture, and precedence semantics.

Objectives

  • Only authorized and visible apps list and launch.
  • Invalid policy fails closed and reverts to Last Known Good (LKG) where available.
  • matchAny and priority/tie‑break behaviors are enforced.

Preconditions

  • Turbo Launcher installed with Secure Sandbox.
  • Test policies available (valid and intentionally invalid variants).

Controls Under Test

  • apps[].visibility, apps[].action, matchAny, priority.
  • Policy loading and recovery (invalid JSON/signature; Retry behavior).

Test Scenarios

IDCanonical IDsScenarioProcedureExpected Outcome
SCEN-SYSTEM-LAUNCHER-01HARD-POLICY-08Visible apps onlyConfigure some apps action: "allow", visibility: "visible"; others hidden or unauthorized. Open Applications and attempt launches.Only allow+visible apps list and launch. Hidden apps do not list. Unauthorized apps cannot launch; audit shows authz deny with rule.id.
SCEN-SYSTEM-LAUNCHER-02HARD-POLICY-09matchAny OR semanticsConfigure matchAny with multiple matcher sets. Attempt launch satisfying each set vs none.Launch allowed when any set matches; denied when none match; audit allow/deny with rule.id.
SCEN-SYSTEM-LAUNCHER-03HARD-POLICY-10Priority and tie‑breakCreate multiple allow policies for same executable with different priority; then equal priority to test tiebreak by id.Highest priority wins; for equal priority, lower alphabetical id wins. Audit reflects winning rule.id/priority.
SCEN-SYSTEM-LAUNCHER-04HARD-POLICY-06Invalid policy JSON (fail‑closed + LKG)Corrupt policy.json; click Retry or restart.Invalid policy is not loaded; deny posture maintained. If LKG exists, Launcher reverts to previous good policy; audit shows Policy.Load.Failed.
SCEN-SYSTEM-LAUNCHER-05HARD-POLICY-07Reload semantics (Retry)With invalid policy present, Retry; replace with valid policy and Retry again.Launcher remains fail‑closed while invalid; loads and enforces upon valid policy; audit shows failure then success with integrity chain.

Evidence Requirements

  • authz/policy events with action, reason, rule.id, and integrity.hash.