These are the extra ones I found, in case anyone is interested (from BasePolicy.xml):
ID_CAP_RINGTONE_ADD:Allows ringtone-marketplace applications to read/write into the Ringtones directory
ID_CAP_MEDIALIB:Access to the media library - read, play-back, etc.
ID_CAP_INTEROPSERVICES:Temporary Interop Service Capability.. To be removed by feature team
ID_CAP_SIM:Provides access to SIM manager API
ID_CAP_SMS:Provides access to SMS API
ID_CAP_WAP:Provides access to WAP API
ID_CAP_IDENTITY_USER:Allow an application to use a phone.info.dll to retrieve user properties
ID_CAP_TESTPUBLIC1:Small public test capability
ID_CAP_LOADUNSIGNEDMANAGEDDLL:Capability to load unsigned managed dll into chamber's process space
ID_CAP_LOADUNSIGNEDNATIVEDLL:Capability to load unsigned native dll into chamber's process space
ID_CAP_DEBUG:Allow an application to run in debugging enviorment.
I've tested each of these individually, and some work, and others don't.
ID_CAP_SIM ID doesn't work
CAP_SMS doesn't work
ID_CAP_WAP doesn't work
ID_CAP_LOADUNSIGNEDNATIVEDLL doesn't work
ID_CAP_LOADUNSIGNEDMANAGEDDLL doesn't work.
Note that even for the ones that work, Microsoft may still reject them in the app store.
I tested these by entering them in the WMAppManifest.xml in the XAP, and loading them on a windows phone device. This guy suggests that if it loads on the device, you have the permission: http://www.drdobbs.com/windows/227701092 and I think he's right. If you don't have permission, it doesn't actually load, and in every case, if it loaded it ran.