Web   ·   Wiki   ·   Activities   ·   Blog   ·   Lists   ·   Chat   ·   Meeting   ·   Bugs   ·   Git   ·   Translate   ·   Archive   ·   People   ·   Donate
summaryrefslogtreecommitdiffstats
path: root/rainbow/permissions/permissions.txt
blob: 09d3bfe572b47eba93eedf7ae48b47cfa9dab07d (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67

# We will make a new section in activity.info called:
[Capabilities]

# There are several protections which cannot be modified by the installer.
# P_BIOS_CORE -- we sign bios with dev key; firmware checks
# P_BIOS_COPY -- not our problem
# P_SF_CORE -- may be turned off with dev key.
# P_SF_RUN -- What, exactly, does "system files" refer to?

net=1                         # over-all net access; (1, 0)
net.limits.burst=10           # token bucket depth; tokens
net.limits.steady=2           # token bucket refill rate;  tokens / sec
net.limits.connections=5      # connections 

# There are several network options that we don't know how or why to implement
# at the moment

#net.limits.quota=3.5         # total throughput megabytes
#net.firewall=???             # some firewall rules, TBD
#net.access_rules.times=      # 
#net.ports.53.bind=1          # allow us to bind on port 53


nand.limits.burst=1           # tokens
nand.limits.steady=1          # tokens / sec
nand.limits.quota=0           # mb

# timed capabilities? (all boolean flags allowing capability request)

microphone=1                  # boolean flags
microphone.analog=0           #
camera=1                      #


# -- can these be turned off?
cpu.limits.burst=100          # tokens
cpu.limits.steady=50          # tokens/sec

# P_RTC -- is this a configurable flag?

dsp.bg=1                      # we want to play sounds in the background

x=0                           # synthetic X events

fs.full=0                     # we don't need full disk access
usb=0                         # or usb access
sd=0                          # or SD access

# As Noah notes, we're *going* to need an async-notification scheme.
# That can be spammed, so it needs a permission.
# Likewise for a search service.

#P_IDENT -- any permissions?
#P_SANDBOX -- no permissions ATM; eventual fine-grained library & binary inclusion

document=0                    # boolean flag
document.read_only=           # mime-type
document.limits.burst=0       # tokens
document.limits.steady=0      # tokens/sec


#P_DOCUMENT_BACKUP -- no permissions
#P_THEFT -- no permissions
#P_SERVER_AUTH -- no permissions... (depends on P_NET?)
#P_PASSWORD -- no permissions
generated by cgit v0.9.1 at 2024-05-12 13:46:38 (GMT)