# Copyright 2014-2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools. If not, see
# <http://www.gnu.org/licenses/>.
#
# pylint: disable=attribute-defined-outside-init,no-member
import re
from . import query
from .descriptors import CriteriaDescriptor
class ContextQuery(query.PolicyQuery):
"""
Base class for SETools in-policy labeling/context queries.
Parameter:
policy The policy to query.
Keyword Parameters/Class attributes:
context The object to match.
user The user to match in the context.
user_regex If true, regular expression matching
will be used on the user.
role The role to match in the context.
role_regex If true, regular expression matching
will be used on the role.
type_ The type to match in the context.
type_regex If true, regular expression matching
will be used on the type.
range_ The range to match in the context.
range_subset If true, the criteria will match if it
is a subset of the context's range.
range_overlap If true, the criteria will match if it
overlaps any of the context's range.
range_superset If true, the criteria will match if it
is a superset of the context's range.
range_proper If true, use proper superset/subset
on range matching operations.
No effect if not using set operations.
"""
user = CriteriaDescriptor("user_regex", "lookup_user")
user_regex = False
role = CriteriaDescriptor("role_regex", "lookup_role")
role_regex = False
type_ = CriteriaDescriptor("type_regex", "lookup_type")
type_regex = False
range_ = CriteriaDescriptor(lookup_function="lookup_range")
range_overlap = False
range_subset = False
range_superset = False
range_proper = False
def _match_context(self, context):
if self.user and not query.PolicyQuery._match_regex(
context.user,
self.user,
self.user_regex):
return False
if self.role and not query.PolicyQuery._match_regex(
context.role,
self.role,
self.role_regex):
return False
if self.type_ and not query.PolicyQuery._match_regex(
context.type_,
self.type_,
self.type_regex):
return False
if self.range_ and not query.PolicyQuery._match_range(
context.range_,
self.range_,
self.range_subset,
self.range_overlap,
self.range_superset,
self.range_proper):
return False
return True