A custom allow/deny decision

I’m very new to IdAM and as part of a research project I have started looking at the WSO2 for access management. I read about how an XPath expression can be used inside the XACML to determine the allow/deny decision, but the XML we’re using is quite complex, and I don’t think the XPath can easily be used. I’m wondering whether a custom ‘function’ (written by ourselves) could be used to parse the XML and make the Allow/Deny decision. At the moment I don’t believe it is possible to write a customer function, but I thought it best to ask before trying another approach.