Add IFR Security Op-code support in the Form Browser.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9492 6f19259b-4bc3-4df7-8a09-765794883524
2009-11-26 09:26:42 +00:00
parent 4ac7f45373
commit cbf73e5030
4 changed files with 116 additions and 4 deletions
--- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
@@ -1,7 +1,7 @@
 /** @file
 Utility functions for expression evaluation.

-Copyright (c) 2007 - 2008, Intel Corporation
+Copyright (c) 2007 - 2009, Intel Corporation
 All rights reserved. This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -29,7 +29,7 @@ EFI_HII_VALUE *mExpressionEvaluationStackPointer = NULL;
 // Unicode collation protocol interface
 //
 EFI_UNICODE_COLLATION_PROTOCOL *mUnicodeCollation = NULL;
-
+EFI_USER_MANAGER_PROTOCOL      *mUserManager = NULL;

 /**
  Grow size of the stack.
@@ -1296,6 +1296,108 @@ CompareHiiValue (
  return Result;
 }

+/**
+  Check if current user has the privilege specified by the permissions GUID.
+
+  @param[in] Guid  A GUID specifying setup access permissions.
+
+  @retval TRUE     Current user has the privilege.
+  @retval FALSE    Current user does not have the privilege.
+**/
+BOOLEAN
+CheckUserPrivilege (
+  IN EFI_GUID *Guid
+  )
+{
+  EFI_STATUS                   Status;
+  EFI_USER_PROFILE_HANDLE      UserProfileHandle;
+  EFI_USER_INFO_HANDLE         UserInfoHandle;
+  EFI_USER_INFO                *UserInfo;
+  EFI_GUID                     *UserPermissionsGuid;
+  UINTN                        UserInfoSize;
+  UINTN                        AccessControlDataSize;
+  EFI_USER_INFO_ACCESS_CONTROL *AccessControl;
+  UINTN                        RemainSize;
+
+  if (mUserManager == NULL) {
+    Status = gBS->LocateProtocol (
+                    &gEfiUserManagerProtocolGuid,
+                    NULL,
+                    (VOID **) &mUserManager
+                    );
+    if (EFI_ERROR (Status)) {
+      ///
+      /// If the system does not support user management, then it is assumed that
+      /// all users have admin privilege and evaluation of each EFI_IFR_SECURITY
+      /// op-code is always TRUE.
+      ///
+      return TRUE;
+    }
+  }
+
+  Status = mUserManager->Current (mUserManager, &UserProfileHandle);
+  ASSERT_EFI_ERROR (Status);
+
+  ///
+  /// Enumerate all user information of the current user profile
+  /// to look for any EFI_USER_INFO_ACCESS_SETUP record.
+  ///
+  
+  for (UserInfoHandle = NULL;;) {
+    Status = mUserManager->GetNextInfo (mUserManager, UserProfileHandle, &UserInfoHandle);
+    if (EFI_ERROR (Status)) {
+      break;
+    }
+
+    UserInfoSize = 0;
+    Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, NULL, &UserInfoSize);
+    if (Status != EFI_BUFFER_TOO_SMALL) {
+      continue;
+    }
+
+    UserInfo = (EFI_USER_INFO *) AllocatePool (UserInfoSize);
+    if (UserInfo == NULL) {
+      break;
+    }
+
+    Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, UserInfo, &UserInfoSize);
+    if (EFI_ERROR (Status) ||
+        UserInfo->InfoType != EFI_USER_INFO_ACCESS_POLICY_RECORD ||
+        UserInfo->InfoSize <= sizeof (EFI_USER_INFO)) {
+      FreePool (UserInfo);
+      continue;
+    }
+
+    RemainSize = UserInfo->InfoSize - sizeof (EFI_USER_INFO);
+    AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)(UserInfo + 1);
+    while (RemainSize >= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {
+      if (RemainSize < AccessControl->Size || AccessControl->Size <= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {
+        break;
+      }
+      if (AccessControl->Type == EFI_USER_INFO_ACCESS_SETUP) {
+        ///
+        /// Check if current user has the privilege specified by the permissions GUID.
+        ///
+
+        UserPermissionsGuid = (EFI_GUID *)(AccessControl + 1);
+        AccessControlDataSize = AccessControl->Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL);
+        while (AccessControlDataSize >= sizeof (EFI_GUID)) {
+          if (CompareGuid (Guid, UserPermissionsGuid)) {
+            FreePool (UserInfo);
+            return TRUE;
+          }
+          UserPermissionsGuid++;
+          AccessControlDataSize -= sizeof (EFI_GUID);
+        }
+      }
+      RemainSize -= AccessControl->Size;
+      AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)((UINT8 *)AccessControl + AccessControl->Size);
+    }
+
+    FreePool (UserInfo);
+  }
+  return FALSE;
+}

 /**
  Evaluate the result of a HII expression.
@@ -1428,6 +1530,10 @@ EvaluateExpression (
      Value = &Question->HiiValue;
      break;

+    case EFI_IFR_SECURITY_OP:
+      Value->Value.b = CheckUserPrivilege (&OpCode->Guid);
+      break;
+
    case EFI_IFR_QUESTION_REF3_OP:
      if (OpCode->DevicePath == 0) {
        //