Diffstat (limited to 'rainbow/permissions/permissions.txt')
-rw-r--r--rainbow/permissions/permissions.txt67
1 files changed, 67 insertions, 0 deletions
diff --git a/rainbow/permissions/permissions.txt b/rainbow/permissions/permissions.txt
new file mode 100644
index 0000000..09d3bfe
--- /dev/null
+++ b/rainbow/permissions/permissions.txt
@@ -0,0 +1,67 @@
+# We will make a new section in activity.info called:
+[Capabilities]
+
+# There are several protections which cannot be modified by the installer.
+# P_BIOS_CORE -- we sign bios with dev key; firmware checks
+# P_BIOS_COPY -- not our problem
+# P_SF_CORE -- may be turned off with dev key.
+# P_SF_RUN -- What, exactly, does "system files" refer to?
+
+net=1 # over-all net access; (1, 0)
+net.limits.burst=10 # token bucket depth; tokens
+net.limits.steady=2 # token bucket refill rate; tokens / sec
+net.limits.connections=5 # connections
+
+# There are several network options that we don't know how or why to implement
+# at the moment
+
+#net.limits.quota=3.5 # total throughput megabytes
+#net.firewall=??? # some firewall rules, TBD
+#net.access_rules.times= #
+#net.ports.53.bind=1 # allow us to bind on port 53
+
+
+nand.limits.burst=1 # tokens
+nand.limits.steady=1 # tokens / sec
+nand.limits.quota=0 # mb
+
+# timed capabilities? (all boolean flags allowing capability request)
+
+microphone=1 # boolean flags
+microphone.analog=0 #
+camera=1 #
+
+
+# -- can these be turned off?
+cpu.limits.burst=100 # tokens
+cpu.limits.steady=50 # tokens/sec
+
+# P_RTC -- is this a configurable flag?
+
+dsp.bg=1 # we want to play sounds in the background
+
+x=0 # synthetic X events
+
+fs.full=0 # we don't need full disk access
+usb=0 # or usb access
+sd=0 # or SD access
+
+# As Noah notes, we're *going* to need an async-notification scheme.
+# That can be spammed, so it needs a permission.
+# Likewise for a search service.
+
+#P_IDENT -- any permissions?
+#P_SANDBOX -- no permissions ATM; eventual fine-grained library & binary inclusion
+
+document=0 # boolean flag
+document.read_only= # mime-type
+document.limits.burst=0 # tokens
+document.limits.steady=0 # tokens/sec
+
+
+#P_DOCUMENT_BACKUP -- no permissions
+#P_THEFT -- no permissions
+#P_SERVER_AUTH -- no permissions... (depends on P_NET?)
+#P_PASSWORD -- no permissions
+
+
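Review bot: Every key line in the new `[Capabilities]` example carries a trailing `#` comment (`net=1 # over-all net access; (1, 0)`, `fs.full=0 # we don't need full disk access`, and so on), and many INI parsers, Python's configparser in its default configuration among them, keep that text as part of the value. If the code that reads activity.info behaves that way, `net` would hold the string `1 # over-all net access; (1, 0)` rather than `1`, and the outcome of a permission check would depend on how the comparison treats an unexpected string; I would move each comment onto its own line above the key, e.g. `# over-all net access; (1, 0)` followed by `net=1`. The file also does not say what a missing or empty key means (`document.read_only=` is left blank), so I would add a header comment such as `# any key not listed here, or with an unparsable value, is treated as 0 (denied)` so that the installer fails closed.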