A persistent non-GUI process launched automatically at boot time, immediately after application installation or by D-Bus activation.
application bundleAlso known as: app bundle, bundle
A group of functionally related components (be they services, data, or programs), installed as a unit. This matches the sense with which “app” is typically used on mobile platforms such as Android and iOS; for example, we would say that an Android .apk file contains a bundle. Some systems refer to this concept as a package, but that term is strongly associated with dpkg/apt (.deb) packages in Debian-derived systems, so we have avoided that term.
automotive domainAlso known as: AD, blue world
A security domain (potentially a virtualised OS, or a separate OS on a separate computer) which runs automotive processes, with direct access to hardware such as audio output or the CAN bus; contrast with the infotainment domain.
The property of being accessible and usable upon demand by an authorized entity.
built-in application bundle
An application bundle providing basic
user-facing functionality, presented as a modular “app” resembling a
store application. These are part of the
system image (
/usr/Applications), cannot be removed, and are updated by
See: Applications Design
bundle IDThe string identifying an application bundle. This should take the form of a reversed domain name, such as
The property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information.
consumer–electronics domainAlso known as: CE domain, CD, red world, infotainment domain, IVI domain
A security domain (potentially a virtualised OS, or a separate OS on a separate computer) which runs the user’s infotainment processes, including downloaded applications and processing of untrusted content such as downloaded media; contrast with the automotive domain; Apertis is one implementation of the CE domain.
dialogueAlso known as: dialog A specialised form of window which is modal and typically used to prompt the user for a response to a specific question (such as ‘do you want to save changes to this document before closing’); this is used in the same sense as on desktop systems.
See: Applications Design
executableThe on-disk representation of a program.
graphical programA program with its own UI drawing surface, managed by the system's window manager. This matches the sense with which “application” is traditionally used on desktop/laptop operating systems, for instance referring to Notepad or to Microsoft Word.
HMIHuman Machine Interface
The property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner.
Independent Software Vendor (ISV)An organisation or individual who produces third-party software for Apertis, in the form of a store application. ISVs are identified by a reversed domain name such as
notificationA transient message or alert from a process to a user, displayed for a short period of time; user interaction with the notification can launch a dialogue with follow-up options for the message; if the notification is ignored it will eventually disappear; this is used in the same sense as on desktop systems.
OEMA vendor such as a vehicle manufacturer who installs an Apertis variant on their products.
Software that is not an application bundle. This includes all the facilities used to boot up the device and perform basic system checks and restorations. It also includes the infrastructural services on which the applications rely, such as the session manager, window manager, message bus and configuration storage service, and the software libraries shared between components.
pre-installed application bundle
A store application which could conceivably be removed, but is installed on the device by default (e.g. weather might be a pre-installed application).
privilege, privilege boundary
A component that is able to access data that other components cannot is said to be privileged. If two components have different privileges – that is, at least one of them can do something that the other cannot – then there is said to be a privilege boundary between them.
processA running instance of a program.
programA runnable piece of software, which could be either a compiled binary or a script.
reversed domain nameA DNS domain name controlled by an organisation or individual, written with its components reversed, so that the conceptually largest component is first. For example, Collabora Ltd. controls all names within the scope of
collabora.co.uk, so we might use
uk.co.collabora.OurAppas the reversed domain name of an application bundle. This style of naming is used in contexts such as D-Bus, Android and Java, as well as in Apertis.
store accountAn account on an “app store”, analogous to Google Play accounts on Android or Apple Store accounts on iOS, not necessarily corresponding 1:1 to a user.
store application bundle
Would it be better to define system extensions in terms of putting files in /var/lib/apertis_extensions, and say that each app bundle may contain an agent, a graphical program, a system extension and/or future forms of content?
system serviceA background program that is run on behalf of the system as a whole, not a specific user; normally part of the platform, but potentially part of an application bundle.
trustAlso known as: trusted computing base, TCB
A trusted component is a component that is technically able to violate the security model (i.e. it is relied on to enforce a privilege boundary), such that errors or malicious actions in that component could undermine the security model. The TCB is the set of trusted components for a particular privilege boundary. Not automatically the same thing as being trustworthy!
userA person who uses the system.
user accountThe software representation of a user.
uidThe numeric Unix identifier that is a property of each process, as returned by e.g.
getuid(), potentially representing a user, multiple users, a system component and/or a subset of a user's processes.
user serviceA background program that is run on behalf of a specific user, regardless of whether it is part of the platform like
systemd --user, or part of an application bundle.