Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / ImageMagick / aff6d807f839a998fff6e87198f2418868ab508e / . / config / policy.xml
blob: ddc3da571061bde0adf0e25e4e405dc561478267 [file] [log] [blame]
cristy3ed852e2009-09-05 21:47:34 +0000[diff] [blame]1<?xml version="1.0" encoding="UTF-8"?>
2<!DOCTYPE policymap [
3<!ELEMENT policymap (policy)+>
4<!ELEMENT policy (#PCDATA)>
5<!ATTLIST policy domain (delegate|coder|filter|path|resource) #IMPLIED>
6<!ATTLIST policy name CDATA #IMPLIED>
7<!ATTLIST policy rights CDATA #IMPLIED>
8<!ATTLIST policy pattern CDATA #IMPLIED>
9<!ATTLIST policy value CDATA #IMPLIED>
10]>
11<!--
cristy1ca3eb32009-10-15 18:41:54 +0000[diff] [blame]12 Configure ImageMagick policies.
cristy3ed852e2009-09-05 21:47:34 +0000[diff] [blame]13
cristy7ce14bc2010-01-17 00:01:01 +0000[diff] [blame]14 Domains include system, delegate, coder, filter, path, or resource.
cristy3ed852e2009-09-05 21:47:34 +0000[diff] [blame]15
16 Rights include none, read, write, and execute. Use | to combine them,
17 for example: "read | write" to permit read from, or write to, a path.
18
19 Use a glob expression as a pattern.
20
21 Suppose we do not want users to process MPEG video images:
22
23 <policy domain="delegate" rights="none" pattern="mpeg:decode" />
24
25 Here we do not want users reading images from HTTP:
26
27 <policy domain="coder" rights="none" pattern="HTTP" />
28
29 Lets prevent users from executing any image filters:
30
31 <policy domain="filter" rights="none" pattern="*" />
32
33 The /repository file system is restricted to read only. We use a glob
34 expression to match all paths that start with /repository:
35
36 <policy domain="path" rights="read" pattern="/repository/*" />
37
38 Any large image is cached to disk rather than memory:
39
40 <policy domain="resource" name="area" value="1gb"/>
cristy652316c2010-11-23 13:49:46 +0000[diff] [blame]41
cristybdf5e0e2010-11-23 13:55:08 +0000[diff] [blame]42 Note, resource policies are maximums for each instance of ImageMagick (e.g.
43 policy memory limit 1GB, -limit 2GB exceeds policy maximum so memory limit
44 is 1GB).
cristy3ed852e2009-09-05 21:47:34 +0000[diff] [blame]45-->
46<policymap>
cristy7ce14bc2010-01-17 00:01:01 +0000[diff] [blame]47 <!-- <policy domain="system" name="precision" value="6"/> -->
cristy3ed852e2009-09-05 21:47:34 +0000[diff] [blame]48 <!-- <policy domain="resource" name="temporary-path" value="/tmp"/> -->
cristybdf5e0e2010-11-23 13:55:08 +0000[diff] [blame]49 <!-- <policy domain="resource" name="memory" value="2GiB"/> -->
50 <!-- <policy domain="resource" name="map" value="4GiB"/> -->
cristy3ed852e2009-09-05 21:47:34 +0000[diff] [blame]51 <!-- <policy domain="resource" name="area" value="1gb"/> -->
52 <!-- <policy domain="resource" name="disk" value="16eb"/> -->
53 <!-- <policy domain="resource" name="file" value="768"/> -->
cristy85c50a32010-11-23 13:59:34 +0000[diff] [blame]54 <!-- <policy domain="resource" name="thread" value="4"/> -->
cristy6ebe97c2010-07-03 01:17:28 +0000[diff] [blame]55 <!-- <policy domain="resource" name="throttle" value="0"/> -->
cristy3ed852e2009-09-05 21:47:34 +0000[diff] [blame]56 <!-- <policy domain="resource" name="time" value="3600"/> -->
57</policymap>