From cbf73e503031172207d39cdabe3bf1b56d453997 Mon Sep 17 00:00:00 2001
From: rsun3 <rsun3@6f19259b-4bc3-4df7-8a09-765794883524>
Date: Thu, 26 Nov 2009 09:26:42 +0000
Subject: Add IFR Security Op-code support in the Form Browser.

git-svn-id: https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2@9492 6f19259b-4bc3-4df7-8a09-765794883524
---
 .../Universal/SetupBrowserDxe/Expression.c         | 110 ++++++++++++++++++++-
 1 file changed, 108 insertions(+), 2 deletions(-)

(limited to 'MdeModulePkg/Universal/SetupBrowserDxe/Expression.c')

diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
index 08e830b5d9..508a80524a 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
@@ -1,7 +1,7 @@
 /** @file
 Utility functions for expression evaluation.
 
-Copyright (c) 2007 - 2008, Intel Corporation
+Copyright (c) 2007 - 2009, Intel Corporation
 All rights reserved. This program and the accompanying materials
 are licensed and made available under the terms and conditions of the BSD License
 which accompanies this distribution.  The full text of the license may be found at
@@ -29,7 +29,7 @@ EFI_HII_VALUE *mExpressionEvaluationStackPointer = NULL;
 // Unicode collation protocol interface
 //
 EFI_UNICODE_COLLATION_PROTOCOL *mUnicodeCollation = NULL;
-
+EFI_USER_MANAGER_PROTOCOL      *mUserManager = NULL;
 
 /**
   Grow size of the stack.
@@ -1296,6 +1296,108 @@ CompareHiiValue (
   return Result;
 }
 
+/**
+  Check if current user has the privilege specified by the permissions GUID.
+
+  @param[in] Guid  A GUID specifying setup access permissions.
+
+  @retval TRUE     Current user has the privilege.
+  @retval FALSE    Current user does not have the privilege.
+**/
+BOOLEAN
+CheckUserPrivilege (
+  IN EFI_GUID *Guid
+  )
+{
+  EFI_STATUS                   Status;
+  EFI_USER_PROFILE_HANDLE      UserProfileHandle;
+  EFI_USER_INFO_HANDLE         UserInfoHandle;
+  EFI_USER_INFO                *UserInfo;
+  EFI_GUID                     *UserPermissionsGuid;
+  UINTN                        UserInfoSize;
+  UINTN                        AccessControlDataSize;
+  EFI_USER_INFO_ACCESS_CONTROL *AccessControl;
+  UINTN                        RemainSize;
+
+  if (mUserManager == NULL) {
+    Status = gBS->LocateProtocol (
+                    &gEfiUserManagerProtocolGuid,
+                    NULL,
+                    (VOID **) &mUserManager
+                    );
+    if (EFI_ERROR (Status)) {
+      ///
+      /// If the system does not support user management, then it is assumed that
+      /// all users have admin privilege and evaluation of each EFI_IFR_SECURITY
+      /// op-code is always TRUE.
+      ///
+      return TRUE;
+    }
+  }
+
+  Status = mUserManager->Current (mUserManager, &UserProfileHandle);
+  ASSERT_EFI_ERROR (Status);
+
+  ///
+  /// Enumerate all user information of the current user profile
+  /// to look for any EFI_USER_INFO_ACCESS_SETUP record.
+  ///
+  
+  for (UserInfoHandle = NULL;;) {
+    Status = mUserManager->GetNextInfo (mUserManager, UserProfileHandle, &UserInfoHandle);
+    if (EFI_ERROR (Status)) {
+      break;
+    }
+
+    UserInfoSize = 0;
+    Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, NULL, &UserInfoSize);
+    if (Status != EFI_BUFFER_TOO_SMALL) {
+      continue;
+    }
+
+    UserInfo = (EFI_USER_INFO *) AllocatePool (UserInfoSize);
+    if (UserInfo == NULL) {
+      break;
+    }
+
+    Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, UserInfo, &UserInfoSize);
+    if (EFI_ERROR (Status) ||
+        UserInfo->InfoType != EFI_USER_INFO_ACCESS_POLICY_RECORD ||
+        UserInfo->InfoSize <= sizeof (EFI_USER_INFO)) {
+      FreePool (UserInfo);
+      continue;
+    }
+
+    RemainSize = UserInfo->InfoSize - sizeof (EFI_USER_INFO);
+    AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)(UserInfo + 1);
+    while (RemainSize >= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {
+      if (RemainSize < AccessControl->Size || AccessControl->Size <= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {
+        break;
+      }
+      if (AccessControl->Type == EFI_USER_INFO_ACCESS_SETUP) {
+        ///
+        /// Check if current user has the privilege specified by the permissions GUID.
+        ///
+
+        UserPermissionsGuid = (EFI_GUID *)(AccessControl + 1);
+        AccessControlDataSize = AccessControl->Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL);
+        while (AccessControlDataSize >= sizeof (EFI_GUID)) {
+          if (CompareGuid (Guid, UserPermissionsGuid)) {
+            FreePool (UserInfo);
+            return TRUE;
+          }
+          UserPermissionsGuid++;
+          AccessControlDataSize -= sizeof (EFI_GUID);
+        }
+      }
+      RemainSize -= AccessControl->Size;
+      AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)((UINT8 *)AccessControl + AccessControl->Size);
+    }
+
+    FreePool (UserInfo);
+  }
+  return FALSE;
+}
 
 /**
   Evaluate the result of a HII expression.
@@ -1428,6 +1530,10 @@ EvaluateExpression (
       Value = &Question->HiiValue;
       break;
 
+    case EFI_IFR_SECURITY_OP:
+      Value->Value.b = CheckUserPrivilege (&OpCode->Guid);
+      break;
+
     case EFI_IFR_QUESTION_REF3_OP:
       if (OpCode->DevicePath == 0) {
         //
-- 
cgit v1.2.3