| # Copyright 2014-2015, Tresys Technology, LLC |
| # |
| # This file is part of SETools. |
| # |
| # SETools is free software: you can redistribute it and/or modify |
| # it under the terms of the GNU Lesser General Public License as |
| # published by the Free Software Foundation, either version 2.1 of |
| # the License, or (at your option) any later version. |
| # |
| # SETools is distributed in the hope that it will be useful, |
| # but WITHOUT ANY WARRANTY; without even the implied warranty of |
| # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
| # GNU Lesser General Public License for more details. |
| # |
| # You should have received a copy of the GNU Lesser General Public |
| # License along with SETools. If not, see |
| # <http://www.gnu.org/licenses/>. |
| # |
| # pylint: disable=attribute-defined-outside-init,no-member |
| import re |
| |
| from . import query |
| from .descriptors import CriteriaDescriptor |
| |
| |
| class ContextQuery(query.PolicyQuery): |
| |
| """ |
| Base class for SETools in-policy labeling/context queries. |
| |
| Parameter: |
| policy The policy to query. |
| |
| Keyword Parameters/Class attributes: |
| context The object to match. |
| user The user to match in the context. |
| user_regex If true, regular expression matching |
| will be used on the user. |
| role The role to match in the context. |
| role_regex If true, regular expression matching |
| will be used on the role. |
| type_ The type to match in the context. |
| type_regex If true, regular expression matching |
| will be used on the type. |
| range_ The range to match in the context. |
| range_subset If true, the criteria will match if it |
| is a subset of the context's range. |
| range_overlap If true, the criteria will match if it |
| overlaps any of the context's range. |
| range_superset If true, the criteria will match if it |
| is a superset of the context's range. |
| range_proper If true, use proper superset/subset |
| on range matching operations. |
| No effect if not using set operations. |
| """ |
| |
| user = CriteriaDescriptor("user_regex", "lookup_user") |
| user_regex = False |
| role = CriteriaDescriptor("role_regex", "lookup_role") |
| role_regex = False |
| type_ = CriteriaDescriptor("type_regex", "lookup_type") |
| type_regex = False |
| range_ = CriteriaDescriptor(lookup_function="lookup_range") |
| range_overlap = False |
| range_subset = False |
| range_superset = False |
| range_proper = False |
| |
| def _match_context(self, context): |
| |
| if self.user and not query.PolicyQuery._match_regex( |
| context.user, |
| self.user, |
| self.user_regex): |
| return False |
| |
| if self.role and not query.PolicyQuery._match_regex( |
| context.role, |
| self.role, |
| self.role_regex): |
| return False |
| |
| if self.type_ and not query.PolicyQuery._match_regex( |
| context.type_, |
| self.type_, |
| self.type_regex): |
| return False |
| |
| if self.range_ and not query.PolicyQuery._match_range( |
| context.range_, |
| self.range_, |
| self.range_subset, |
| self.range_overlap, |
| self.range_superset, |
| self.range_proper): |
| return False |
| |
| return True |
