Glossary

From Apertis
Jump to: navigation, search
This page is a work in progress. Mostly related to the Applications design document right now.


agent
a persistent non-GUI process launched automatically at boot time, immediately after application installation or by D-Bus activation [defined by: Applications design document]
application bundle, app bundle, bundle
a group of functionally related components (be they services, data, or programs), installed as a unit. This matches the sense with which "app" is typically used on mobile platforms such as Android and iOS; for example, we would say that an Android .apk file contains a bundle. Some systems refer to this concept as a package, but that term is strongly associated with dpkg/apt (.deb) packages in Debian-derived systems, so we have avoided that term. [defined by: Applications design document]
automotive domain ()
a security domain (potentially a virtualised OS, or a separate OS on a separate computer) which runs automotive processes, with direct access to hardware such as audio output or the CAN bus; contrast with the infotainment domain [defined by: Inter-Domain Communications design document] (also known as: blue world)
availability
the property of being accessible and usable upon demand by an authorized entity [see the Security design document]
built-in application bundle
an application bundle providing basic user-facing functionality, presented as a modular "app" resembling a store application. These are part of the system image (/usr/Applications), cannot be removed, and are updated by system updates. [defined by: Applications design document]
bundle ID
The string identifying an application bundle. This should take the form of a reversed domain name, such as org.apertis.Frampton or uk.co.collabora.OurApp.
confidentiality
the property that information is not disclosed to system entities (users, processes, devices) unless they have been authorized to access the information [see the Security design document]
consumer–electronics domain (CE domain, CD)
a security domain (potentially a virtualised OS, or a separate OS on a separate computer) which runs the user’s infotainment processes, including downloaded applications and processing of untrusted content such as downloaded media; contrast with the automotive domain; Apertis is one implementation of the CE domain [defined by: Inter-Domain Communications design document] (also known as: red world, infotainment domain (IVI domain))
dialogue or dialog
a specialised form of window which is modal and typically used to prompt the user for a response to a specific question (such as ‘do you want to save changes to this document before closing’); this is used in the same sense as on desktop systems
essential software
the platform and built-in applications [defined by: Applications design document]
executable
the on-disk representation of a program
graphical program
a program with its own UI drawing surface, managed by the system's window manager. This matches the sense with which "application" is traditionally used on desktop/laptop operating systems, for instance referring to Notepad or to Microsoft Word.
integrity
the property that data has not been changed, destroyed, or lost in an unauthorized or accidental manner [see the Security design document]
Independent Software Vendor (ISV)
an organisation or individual who produces third-party software for Apertis, in the form of a store application. ISVs are identified by a reversed domain name such as uk.co.collabora
notification
a transient message or alert from a process to a user, displayed for a short period of time; user interaction with the notification can launch a dialogue with follow-up options for the message; if the notification is ignored it will eventually disappear; this is used in the same sense as on desktop systems
OEM
a vendor such as a vehicle manufacturer who installs an Apertis variant on their products
platform
software that is not an application bundle. This includes all the facilities used to boot up the device and perform basic system checks and restorations. It also includes the infrastructural services on which the applications rely, such as the session manager, window manager, message bus and configuration storage service, and the software libraries shared between components. [defined by: Applications design document]
pre-installed application bundle
a store application which could conceivably be removed, but is installed on the device by default (e.g. weather might be a pre-installed application) [defined by: Applications design document]
privilege, privilege boundary
A component that is able to access data that other components cannot is said to be privileged. If two components have different privileges – that is, at least one of them can do something that the other cannot – then there is said to be a privilege boundary between them. [defined in the Security design document]
process
a running instance of a program
program
a runnable piece of software, which could be either a compiled binary or a script
reversed domain name
a DNS domain name controlled by an organisation or individual, written with its components reversed, so that the conceptually largest component is first. For example, Collabora Ltd. controls all names within the scope of collabora.co.uk, so we might use uk.co.collabora.OurApp as the reversed domain name of an application bundle. This style of naming is used in contexts such as D-Bus, Android and Java, as well as in Apertis.
store account
an account on an "app store", analogous to Google Play accounts on Android or Apple Store accounts on iOS, not necessarily corresponding 1:1 to a user
store application bundle
an application bundle that is not built-in: that is, either a pre-installed application bundle, or an ordinary application that is not preinstalled [defined by: Applications design document]
system extension
an application bundle that is not an graphical program, i.e. a user-installable bundle of content or code (services, themes, plugins, DLC, etc.) available from an app store [defined by: Applications design document] [clarification required: would it be better to define system extensions in terms of putting files in /var/lib/apertis_extensions, and say that each app bundle may contain an agent, a graphical program, a system extension and/or future forms of content?]
system service
a background program that is run on behalf of the system as a whole, not a specific user; normally part of the platform, but potentially part of an application bundle
trust, trusted computing base, TCB
A trusted component is a component that is technically able to violate the security model (i.e. it is relied on to enforce a privilege boundary), such that errors or malicious actions in that component could undermine the security model. The TCB is the set of trusted components for a particular privilege boundary. Not automatically the same thing as being trustworthy! [see the Security design document]
user
a person who uses the system
user account
the software representation of a user
user ID, uid
the numeric Unix identifier that is a property of each process, as returned by e.g. getuid(), potentially representing a user, multiple users, a system component and/or a subset of a user's processes
user service
a background program that is run on behalf of a specific user, regardless of whether it is part of the platform like 'systemd --user', or part of an application bundle
variant
an OEM-specific version of Apertis, with their customisations and default applications; the UI and main interface (application launcher, status bar, etc.) may be customised
window
the main user interface container for a graphical program, used in the same sense as in traditional desktop UIs, though perhaps rendered with different window decoration and with the system restricted to only rendering the main window from one focused program at once
Personal tools
Namespaces

Variants
Actions
Navigation
Tools