{
  "_type": "Capability",
  "name": "user",
  "partition": "com.example.System",
  "accessRules": {
    "rw": {
      "read": ["[?_type = \"Partition\"]"]
    }
  }
}
{
    "_type": "Capability",
    "name": "user",
    "partition": "com.example.User",
    "accessRules": {
      "rw": {
        "read": [".*"],
        "write": ["[?_type startsWith \"public.\"]",
                  "[?%owner startsWith %typeDomain]"]
      },
      "setOwner": {
        "setOwner": ["[?_type startsWith \"public.\"]",
                     "[?%owner startsWith %typeDomain]"]
      }
    }
  }
{
  "_type": "Capability",
  "name": "system",
  "partition": "com.example.Public",
  "accessRules": {
    "rw": {
      "read": [".*"],
      "write": [".*"]
    },
    "setOwner": {
      "setOwner": [".*"]
    }
  }
}
{
  "_type": "Capability",
  "name": "user",
  "partition": "com.example.Ephemeral",
  "accessRules": {
    "rw": {
      "read": [".*"],
      "write": [".*"]
    },
    "setOwner": {
      "setOwner": [".*"]
    }
  }
}
{
  "_type": "Capability",
  "name": "user",
  "partition": "com.example.Card",
  "accessRules": {
    "rw": {
      "read": [".*"],
      "write": ["[?_type startsWith \"public.\"]",
                "[?%owner startsWith %typeDomain]"]
    },
    "setOwner": {
      "setOwner": ["[?_type startsWith \"public.\"]",
                "[?%owner startsWith %typeDomain]"]
    }
  }
}
{
  "_type": "Capability",
  "name": "user",
  "partition": "%owner",
  "accessRules": {
    "rw": {
      "read": [".*"],
      "write": [".*"],
      "setOwner": [".*"]
    }
  }
}