site-packages/setools/contextquery.py

# Copyright 2014-2015, Tresys Technology, LLC
#
# This file is part of SETools.
#
# SETools is free software: you can redistribute it and/or modify
# it under the terms of the GNU Lesser General Public License as
# published by the Free Software Foundation, either version 2.1 of
# the License, or (at your option) any later version.
#
# SETools is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU Lesser General Public License for more details.
#
# You should have received a copy of the GNU Lesser General Public
# License along with SETools.  If not, see
# <http://www.gnu.org/licenses/>.
#
# pylint: disable=attribute-defined-outside-init,no-member
import re

from . import query
from .descriptors import CriteriaDescriptor


class ContextQuery(query.PolicyQuery):

    """
    Base class for SETools in-policy labeling/context queries.

    Parameter:
    policy          The policy to query.

    Keyword Parameters/Class attributes:
    context         The object to match.
    user            The user to match in the context.
    user_regex      If true, regular expression matching
                    will be used on the user.
    role            The role to match in the context.
    role_regex      If true, regular expression matching
                    will be used on the role.
    type_           The type to match in the context.
    type_regex      If true, regular expression matching
                    will be used on the type.
    range_          The range to match in the context.
    range_subset    If true, the criteria will match if it
                    is a subset of the context's range.
    range_overlap   If true, the criteria will match if it
                    overlaps any of the context's range.
    range_superset  If true, the criteria will match if it
                    is a superset of the context's range.
    range_proper    If true, use proper superset/subset
                    on range matching operations.
                    No effect if not using set operations.
    """

    user = CriteriaDescriptor("user_regex", "lookup_user")
    user_regex = False
    role = CriteriaDescriptor("role_regex", "lookup_role")
    role_regex = False
    type_ = CriteriaDescriptor("type_regex", "lookup_type")
    type_regex = False
    range_ = CriteriaDescriptor(lookup_function="lookup_range")
    range_overlap = False
    range_subset = False
    range_superset = False
    range_proper = False

    def _match_context(self, context):

        if self.user and not query.PolicyQuery._match_regex(
                context.user,
                self.user,
                self.user_regex):
            return False

        if self.role and not query.PolicyQuery._match_regex(
                context.role,
                self.role,
                self.role_regex):
            return False

        if self.type_ and not query.PolicyQuery._match_regex(
                context.type_,
                self.type_,
                self.type_regex):
            return False

        if self.range_ and not query.PolicyQuery._match_range(
                context.range_,
                self.range_,
                self.range_subset,
                self.range_overlap,
                self.range_superset,
                self.range_proper):
            return False

        return True