I don't know if permissions policy makes sense for clipboard support. While I suppose it's something that the user can disable support for, it's not something that makes sense for websites to control for themselves or explicitly enable for third parties. That would only make sense if there was a permission dialog, but that does not seem like a good idea for clipboard access. Safari's "Paste contextmenu" seems much more reasonable.
write(), yeah, the problem is that the specification doesn't define the sanitization process for these types. If we already support these for drag & drop it might be reasonable though. Depends a bit on the specifics.