# We will make a new section in activity.info called:
[Capabilities]

# There are several protections which cannot be modified by the installer.
# P_BIOS_CORE -- we sign bios with dev key; firmware checks
# P_BIOS_COPY -- not our problem
# P_SF_CORE -- may be turned off with dev key.
# P_SF_RUN -- What, exactly, does "system files" refer to?

net=1                         # over-all net access; (1, 0)
net.limits.burst=10           # token bucket depth; tokens
net.limits.steady=2           # token bucket refill rate;  tokens / sec
net.limits.connections=5      # connections 

# There are several network options that we don't know how or why to implement
# at the moment

#net.limits.quota=3.5         # total throughput megabytes
#net.firewall=???             # some firewall rules, TBD
#net.access_rules.times=      # 
#net.ports.53.bind=1          # allow us to bind on port 53


nand.limits.burst=1           # tokens
nand.limits.steady=1          # tokens / sec
nand.limits.quota=0           # mb

# timed capabilities? (all boolean flags allowing capability request)

microphone=1                  # boolean flags
microphone.analog=0           #
camera=1                      #


# -- can these be turned off?
cpu.limits.burst=100          # tokens
cpu.limits.steady=50          # tokens/sec

# P_RTC -- is this a configurable flag?

dsp.bg=1                      # we want to play sounds in the background

x=0                           # synthetic X events

fs.full=0                     # we don't need full disk access
usb=0                         # or usb access
sd=0                          # or SD access

# As Noah notes, we're *going* to need an async-notification scheme.
# That can be spammed, so it needs a permission.
# Likewise for a search service.

#P_IDENT -- any permissions?
#P_SANDBOX -- no permissions ATM; eventual fine-grained library & binary inclusion

document=0                    # boolean flag
document.read_only=           # mime-type
document.limits.burst=0       # tokens
document.limits.steady=0      # tokens/sec


#P_DOCUMENT_BACKUP -- no permissions
#P_THEFT -- no permissions
#P_SERVER_AUTH -- no permissions... (depends on P_NET?)
#P_PASSWORD -- no permissions


