Add IFR Security Op-code support in the Form Browser.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9492 6f19259b-4bc3-4df7-8a09-765794883524

1 files changed, 108 insertions, 2 deletions

diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
index 08e830b5d9..508a80524a 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
@@ -1,7 +1,7 @@
 /** @file

 Utility functions for expression evaluation.

 

-Copyright (c) 2007 - 2008, Intel Corporation

+Copyright (c) 2007 - 2009, Intel Corporation

 All rights reserved. This program and the accompanying materials

 are licensed and made available under the terms and conditions of the BSD License

 which accompanies this distribution.  The full text of the license may be found at

@@ -29,7 +29,7 @@ EFI_HII_VALUE *mExpressionEvaluationStackPointer = NULL;
 // Unicode collation protocol interface

 //

 EFI_UNICODE_COLLATION_PROTOCOL *mUnicodeCollation = NULL;

-

+EFI_USER_MANAGER_PROTOCOL      *mUserManager = NULL;

 

 /**

   Grow size of the stack.

@@ -1296,6 +1296,108 @@ CompareHiiValue (
   return Result;

 }

 

+/**

+  Check if current user has the privilege specified by the permissions GUID.

+

+  @param[in] Guid  A GUID specifying setup access permissions.

+

+  @retval TRUE     Current user has the privilege.

+  @retval FALSE    Current user does not have the privilege.

+**/

+BOOLEAN

+CheckUserPrivilege (

+  IN EFI_GUID *Guid

+  )

+{

+  EFI_STATUS                   Status;

+  EFI_USER_PROFILE_HANDLE      UserProfileHandle;

+  EFI_USER_INFO_HANDLE         UserInfoHandle;

+  EFI_USER_INFO                *UserInfo;

+  EFI_GUID                     *UserPermissionsGuid;

+  UINTN                        UserInfoSize;

+  UINTN                        AccessControlDataSize;

+  EFI_USER_INFO_ACCESS_CONTROL *AccessControl;

+  UINTN                        RemainSize;

+

+  if (mUserManager == NULL) {

+    Status = gBS->LocateProtocol (

+                    &gEfiUserManagerProtocolGuid,

+                    NULL,

+                    (VOID **) &mUserManager

+                    );

+    if (EFI_ERROR (Status)) {

+      ///

+      /// If the system does not support user management, then it is assumed that

+      /// all users have admin privilege and evaluation of each EFI_IFR_SECURITY

+      /// op-code is always TRUE.

+      ///

+      return TRUE;

+    }

+  }

+

+  Status = mUserManager->Current (mUserManager, &UserProfileHandle);

+  ASSERT_EFI_ERROR (Status);

+

+  ///

+  /// Enumerate all user information of the current user profile

+  /// to look for any EFI_USER_INFO_ACCESS_SETUP record.

+  ///

+  

+  for (UserInfoHandle = NULL;;) {

+    Status = mUserManager->GetNextInfo (mUserManager, UserProfileHandle, &UserInfoHandle);

+    if (EFI_ERROR (Status)) {

+      break;

+    }

+

+    UserInfoSize = 0;

+    Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, NULL, &UserInfoSize);

+    if (Status != EFI_BUFFER_TOO_SMALL) {

+      continue;

+    }

+

+    UserInfo = (EFI_USER_INFO *) AllocatePool (UserInfoSize);

+    if (UserInfo == NULL) {

+      break;

+    }

+

+    Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, UserInfo, &UserInfoSize);

+    if (EFI_ERROR (Status) ||

+        UserInfo->InfoType != EFI_USER_INFO_ACCESS_POLICY_RECORD ||

+        UserInfo->InfoSize <= sizeof (EFI_USER_INFO)) {

+      FreePool (UserInfo);

+      continue;

+    }

+

+    RemainSize = UserInfo->InfoSize - sizeof (EFI_USER_INFO);

+    AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)(UserInfo + 1);

+    while (RemainSize >= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {

+      if (RemainSize < AccessControl->Size || AccessControl->Size <= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {

+        break;

+      }

+      if (AccessControl->Type == EFI_USER_INFO_ACCESS_SETUP) {

+        ///

+        /// Check if current user has the privilege specified by the permissions GUID.

+        ///

+

+        UserPermissionsGuid = (EFI_GUID *)(AccessControl + 1);

+        AccessControlDataSize = AccessControl->Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL);

+        while (AccessControlDataSize >= sizeof (EFI_GUID)) {

+          if (CompareGuid (Guid, UserPermissionsGuid)) {

+            FreePool (UserInfo);

+            return TRUE;

+          }

+          UserPermissionsGuid++;

+          AccessControlDataSize -= sizeof (EFI_GUID);

+        }

+      }

+      RemainSize -= AccessControl->Size;

+      AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)((UINT8 *)AccessControl + AccessControl->Size);

+    }

+

+    FreePool (UserInfo);

+  }

+  return FALSE;

+}

 

 /**

   Evaluate the result of a HII expression.

@@ -1428,6 +1530,10 @@ EvaluateExpression (
       Value = &Question->HiiValue;

       break;

 

+    case EFI_IFR_SECURITY_OP:

+      Value->Value.b = CheckUserPrivilege (&OpCode->Guid);

+      break;

+

     case EFI_IFR_QUESTION_REF3_OP:

       if (OpCode->DevicePath == 0) {

         //