/** @file\r
Utility functions for expression evaluation.\r
\r
-Copyright (c) 2007 - 2008, Intel Corporation\r
+Copyright (c) 2007 - 2009, Intel Corporation\r
All rights reserved. This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution. The full text of the license may be found at\r
// Unicode collation protocol interface\r
//\r
EFI_UNICODE_COLLATION_PROTOCOL *mUnicodeCollation = NULL;\r
-\r
+EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL;\r
\r
/**\r
Grow size of the stack.\r
return Result;\r
}\r
\r
+/**\r
+ Check if current user has the privilege specified by the permissions GUID.\r
+\r
+ @param[in] Guid A GUID specifying setup access permissions.\r
+\r
+ @retval TRUE Current user has the privilege.\r
+ @retval FALSE Current user does not have the privilege.\r
+**/\r
+BOOLEAN\r
+CheckUserPrivilege (\r
+ IN EFI_GUID *Guid\r
+ )\r
+{\r
+ EFI_STATUS Status;\r
+ EFI_USER_PROFILE_HANDLE UserProfileHandle;\r
+ EFI_USER_INFO_HANDLE UserInfoHandle;\r
+ EFI_USER_INFO *UserInfo;\r
+ EFI_GUID *UserPermissionsGuid;\r
+ UINTN UserInfoSize;\r
+ UINTN AccessControlDataSize;\r
+ EFI_USER_INFO_ACCESS_CONTROL *AccessControl;\r
+ UINTN RemainSize;\r
+\r
+ if (mUserManager == NULL) {\r
+ Status = gBS->LocateProtocol (\r
+ &gEfiUserManagerProtocolGuid,\r
+ NULL,\r
+ (VOID **) &mUserManager\r
+ );\r
+ if (EFI_ERROR (Status)) {\r
+ ///\r
+ /// If the system does not support user management, then it is assumed that\r
+ /// all users have admin privilege and evaluation of each EFI_IFR_SECURITY\r
+ /// op-code is always TRUE.\r
+ ///\r
+ return TRUE;\r
+ }\r
+ }\r
+\r
+ Status = mUserManager->Current (mUserManager, &UserProfileHandle);\r
+ ASSERT_EFI_ERROR (Status);\r
+\r
+ ///\r
+ /// Enumerate all user information of the current user profile\r
+ /// to look for any EFI_USER_INFO_ACCESS_SETUP record.\r
+ ///\r
+ \r
+ for (UserInfoHandle = NULL;;) {\r
+ Status = mUserManager->GetNextInfo (mUserManager, UserProfileHandle, &UserInfoHandle);\r
+ if (EFI_ERROR (Status)) {\r
+ break;\r
+ }\r
+\r
+ UserInfoSize = 0;\r
+ Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, NULL, &UserInfoSize);\r
+ if (Status != EFI_BUFFER_TOO_SMALL) {\r
+ continue;\r
+ }\r
+\r
+ UserInfo = (EFI_USER_INFO *) AllocatePool (UserInfoSize);\r
+ if (UserInfo == NULL) {\r
+ break;\r
+ }\r
+\r
+ Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, UserInfo, &UserInfoSize);\r
+ if (EFI_ERROR (Status) ||\r
+ UserInfo->InfoType != EFI_USER_INFO_ACCESS_POLICY_RECORD ||\r
+ UserInfo->InfoSize <= sizeof (EFI_USER_INFO)) {\r
+ FreePool (UserInfo);\r
+ continue;\r
+ }\r
+\r
+ RemainSize = UserInfo->InfoSize - sizeof (EFI_USER_INFO);\r
+ AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)(UserInfo + 1);\r
+ while (RemainSize >= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {\r
+ if (RemainSize < AccessControl->Size || AccessControl->Size <= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {\r
+ break;\r
+ }\r
+ if (AccessControl->Type == EFI_USER_INFO_ACCESS_SETUP) {\r
+ ///\r
+ /// Check if current user has the privilege specified by the permissions GUID.\r
+ ///\r
+\r
+ UserPermissionsGuid = (EFI_GUID *)(AccessControl + 1);\r
+ AccessControlDataSize = AccessControl->Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL);\r
+ while (AccessControlDataSize >= sizeof (EFI_GUID)) {\r
+ if (CompareGuid (Guid, UserPermissionsGuid)) {\r
+ FreePool (UserInfo);\r
+ return TRUE;\r
+ }\r
+ UserPermissionsGuid++;\r
+ AccessControlDataSize -= sizeof (EFI_GUID);\r
+ }\r
+ }\r
+ RemainSize -= AccessControl->Size;\r
+ AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)((UINT8 *)AccessControl + AccessControl->Size);\r
+ }\r
+\r
+ FreePool (UserInfo);\r
+ }\r
+ return FALSE;\r
+}\r
\r
/**\r
Evaluate the result of a HII expression.\r
Value = &Question->HiiValue;\r
break;\r
\r
+ case EFI_IFR_SECURITY_OP:\r
+ Value->Value.b = CheckUserPrivilege (&OpCode->Guid);\r
+ break;\r
+\r
case EFI_IFR_QUESTION_REF3_OP:\r
if (OpCode->DevicePath == 0) {\r
//\r
projects / mirror_edk2.git / commitdiff