1 # Copyright 2014-2015, Tresys Technology, LLC 2 # 3 # This file is part of SETools. 4 # 5 # SETools is free software: you can redistribute it and/or modify 6 # it under the terms of the GNU Lesser General Public License as 7 # published by the Free Software Foundation, either version 2.1 of 8 # the License, or (at your option) any later version. 9 # 10 # SETools is distributed in the hope that it will be useful, 11 # but WITHOUT ANY WARRANTY; without even the implied warranty of 12 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 # GNU Lesser General Public License for more details. 14 # 15 # You should have received a copy of the GNU Lesser General Public 16 # License along with SETools. If not, see 17 # <http://www.gnu.org/licenses/>. 18 # 19 # pylint: disable=attribute-defined-outside-init,no-member 20 import re 21 22 from . import query 23 from .descriptors import CriteriaDescriptor 24 25 26 class ContextQuery(query.PolicyQuery): 27 28 """ 29 Base class for SETools in-policy labeling/context queries. 30 31 Parameter: 32 policy The policy to query. 33 34 Keyword Parameters/Class attributes: 35 context The object to match. 36 user The user to match in the context. 37 user_regex If true, regular expression matching 38 will be used on the user. 39 role The role to match in the context. 40 role_regex If true, regular expression matching 41 will be used on the role. 42 type_ The type to match in the context. 43 type_regex If true, regular expression matching 44 will be used on the type. 45 range_ The range to match in the context. 46 range_subset If true, the criteria will match if it 47 is a subset of the context's range. 48 range_overlap If true, the criteria will match if it 49 overlaps any of the context's range. 50 range_superset If true, the criteria will match if it 51 is a superset of the context's range. 52 range_proper If true, use proper superset/subset 53 on range matching operations. 54 No effect if not using set operations. 55 """ 56 57 user = CriteriaDescriptor("user_regex", "lookup_user") 58 user_regex = False 59 role = CriteriaDescriptor("role_regex", "lookup_role") 60 role_regex = False 61 type_ = CriteriaDescriptor("type_regex", "lookup_type") 62 type_regex = False 63 range_ = CriteriaDescriptor(lookup_function="lookup_range") 64 range_overlap = False 65 range_subset = False 66 range_superset = False 67 range_proper = False 68 69 def _match_context(self, context): 70 71 if self.user and not query.PolicyQuery._match_regex( 72 context.user, 73 self.user, 74 self.user_regex): 75 return False 76 77 if self.role and not query.PolicyQuery._match_regex( 78 context.role, 79 self.role, 80 self.role_regex): 81 return False 82 83 if self.type_ and not query.PolicyQuery._match_regex( 84 context.type_, 85 self.type_, 86 self.type_regex): 87 return False 88 89 if self.range_ and not query.PolicyQuery._match_range( 90 context.range_, 91 self.range_, 92 self.range_subset, 93 self.range_overlap, 94 self.range_superset, 95 self.range_proper): 96 return False 97 98 return True 99