<policymap>
  <!-- Set some basic system resource limits -->
  <policy domain="resource" name="time" value="60" />

  <policy domain="module" rights="none" pattern="URL" />

  <policy domain="filter" rights="none" pattern="*" />

  <!--
    Ideally, we would restrict ImageMagick to only accessing its own
    disk-backed pixel cache as well as Mastodon-created Tempfiles.

    However, those paths depend on the operating system and environment
    variables, so they can only be known at runtime.

    Furthermore, those paths are not necessarily shared across Mastodon
    processes, so even creating a policy.xml at runtime is impractical.

    For the time being, only disable indirect reads.
  -->
  <policy domain="path" rights="none" pattern="@*" />

  <!-- Disallow any coder by default, and only enable ones required by Mastodon -->
  <policy domain="coder" rights="none" pattern="*" />
  <policy domain="coder" rights="read | write" pattern="{PNG,JPEG,GIF,HEIC,WEBP}" />
  <policy domain="coder" rights="write" pattern="{HISTOGRAM,RGB,INFO}" />
</policymap>