diff options
Diffstat (limited to 'rainbow/permissions/permissions.txt')
-rw-r--r-- | rainbow/permissions/permissions.txt | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/rainbow/permissions/permissions.txt b/rainbow/permissions/permissions.txt new file mode 100644 index 0000000..09d3bfe --- /dev/null +++ b/rainbow/permissions/permissions.txt @@ -0,0 +1,67 @@ +# We will make a new section in activity.info called: +[Capabilities] + +# There are several protections which cannot be modified by the installer. +# P_BIOS_CORE -- we sign bios with dev key; firmware checks +# P_BIOS_COPY -- not our problem +# P_SF_CORE -- may be turned off with dev key. +# P_SF_RUN -- What, exactly, does "system files" refer to? + +net=1 # over-all net access; (1, 0) +net.limits.burst=10 # token bucket depth; tokens +net.limits.steady=2 # token bucket refill rate; tokens / sec +net.limits.connections=5 # connections + +# There are several network options that we don't know how or why to implement +# at the moment + +#net.limits.quota=3.5 # total throughput megabytes +#net.firewall=??? # some firewall rules, TBD +#net.access_rules.times= # +#net.ports.53.bind=1 # allow us to bind on port 53 + + +nand.limits.burst=1 # tokens +nand.limits.steady=1 # tokens / sec +nand.limits.quota=0 # mb + +# timed capabilities? (all boolean flags allowing capability request) + +microphone=1 # boolean flags +microphone.analog=0 # +camera=1 # + + +# -- can these be turned off? +cpu.limits.burst=100 # tokens +cpu.limits.steady=50 # tokens/sec + +# P_RTC -- is this a configurable flag? + +dsp.bg=1 # we want to play sounds in the background + +x=0 # synthetic X events + +fs.full=0 # we don't need full disk access +usb=0 # or usb access +sd=0 # or SD access + +# As Noah notes, we're *going* to need an async-notification scheme. +# That can be spammed, so it needs a permission. +# Likewise for a search service. + +#P_IDENT -- any permissions? +#P_SANDBOX -- no permissions ATM; eventual fine-grained library & binary inclusion + +document=0 # boolean flag +document.read_only= # mime-type +document.limits.burst=0 # tokens +document.limits.steady=0 # tokens/sec + + +#P_DOCUMENT_BACKUP -- no permissions +#P_THEFT -- no permissions +#P_SERVER_AUTH -- no permissions... (depends on P_NET?) +#P_PASSWORD -- no permissions + + |