summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--MdeModulePkg/Universal/SetupBrowserDxe/Expression.c110
-rw-r--r--MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c8
-rw-r--r--MdeModulePkg/Universal/SetupBrowserDxe/Setup.h1
-rw-r--r--MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf1
4 files changed, 116 insertions, 4 deletions
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
index 08e830b..508a805 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/Expression.c
@@ -1,7 +1,7 @@
/** @file
Utility functions for expression evaluation.
-Copyright (c) 2007 - 2008, Intel Corporation
+Copyright (c) 2007 - 2009, Intel Corporation
All rights reserved. This program and the accompanying materials
are licensed and made available under the terms and conditions of the BSD License
which accompanies this distribution. The full text of the license may be found at
@@ -29,7 +29,7 @@ EFI_HII_VALUE *mExpressionEvaluationStackPointer = NULL;
// Unicode collation protocol interface
//
EFI_UNICODE_COLLATION_PROTOCOL *mUnicodeCollation = NULL;
-
+EFI_USER_MANAGER_PROTOCOL *mUserManager = NULL;
/**
Grow size of the stack.
@@ -1296,6 +1296,108 @@ CompareHiiValue (
return Result;
}
+/**
+ Check if current user has the privilege specified by the permissions GUID.
+
+ @param[in] Guid A GUID specifying setup access permissions.
+
+ @retval TRUE Current user has the privilege.
+ @retval FALSE Current user does not have the privilege.
+**/
+BOOLEAN
+CheckUserPrivilege (
+ IN EFI_GUID *Guid
+ )
+{
+ EFI_STATUS Status;
+ EFI_USER_PROFILE_HANDLE UserProfileHandle;
+ EFI_USER_INFO_HANDLE UserInfoHandle;
+ EFI_USER_INFO *UserInfo;
+ EFI_GUID *UserPermissionsGuid;
+ UINTN UserInfoSize;
+ UINTN AccessControlDataSize;
+ EFI_USER_INFO_ACCESS_CONTROL *AccessControl;
+ UINTN RemainSize;
+
+ if (mUserManager == NULL) {
+ Status = gBS->LocateProtocol (
+ &gEfiUserManagerProtocolGuid,
+ NULL,
+ (VOID **) &mUserManager
+ );
+ if (EFI_ERROR (Status)) {
+ ///
+ /// If the system does not support user management, then it is assumed that
+ /// all users have admin privilege and evaluation of each EFI_IFR_SECURITY
+ /// op-code is always TRUE.
+ ///
+ return TRUE;
+ }
+ }
+
+ Status = mUserManager->Current (mUserManager, &UserProfileHandle);
+ ASSERT_EFI_ERROR (Status);
+
+ ///
+ /// Enumerate all user information of the current user profile
+ /// to look for any EFI_USER_INFO_ACCESS_SETUP record.
+ ///
+
+ for (UserInfoHandle = NULL;;) {
+ Status = mUserManager->GetNextInfo (mUserManager, UserProfileHandle, &UserInfoHandle);
+ if (EFI_ERROR (Status)) {
+ break;
+ }
+
+ UserInfoSize = 0;
+ Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, NULL, &UserInfoSize);
+ if (Status != EFI_BUFFER_TOO_SMALL) {
+ continue;
+ }
+
+ UserInfo = (EFI_USER_INFO *) AllocatePool (UserInfoSize);
+ if (UserInfo == NULL) {
+ break;
+ }
+
+ Status = mUserManager->GetInfo (mUserManager, UserProfileHandle, UserInfoHandle, UserInfo, &UserInfoSize);
+ if (EFI_ERROR (Status) ||
+ UserInfo->InfoType != EFI_USER_INFO_ACCESS_POLICY_RECORD ||
+ UserInfo->InfoSize <= sizeof (EFI_USER_INFO)) {
+ FreePool (UserInfo);
+ continue;
+ }
+
+ RemainSize = UserInfo->InfoSize - sizeof (EFI_USER_INFO);
+ AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)(UserInfo + 1);
+ while (RemainSize >= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {
+ if (RemainSize < AccessControl->Size || AccessControl->Size <= sizeof (EFI_USER_INFO_ACCESS_CONTROL)) {
+ break;
+ }
+ if (AccessControl->Type == EFI_USER_INFO_ACCESS_SETUP) {
+ ///
+ /// Check if current user has the privilege specified by the permissions GUID.
+ ///
+
+ UserPermissionsGuid = (EFI_GUID *)(AccessControl + 1);
+ AccessControlDataSize = AccessControl->Size - sizeof (EFI_USER_INFO_ACCESS_CONTROL);
+ while (AccessControlDataSize >= sizeof (EFI_GUID)) {
+ if (CompareGuid (Guid, UserPermissionsGuid)) {
+ FreePool (UserInfo);
+ return TRUE;
+ }
+ UserPermissionsGuid++;
+ AccessControlDataSize -= sizeof (EFI_GUID);
+ }
+ }
+ RemainSize -= AccessControl->Size;
+ AccessControl = (EFI_USER_INFO_ACCESS_CONTROL *)((UINT8 *)AccessControl + AccessControl->Size);
+ }
+
+ FreePool (UserInfo);
+ }
+ return FALSE;
+}
/**
Evaluate the result of a HII expression.
@@ -1428,6 +1530,10 @@ EvaluateExpression (
Value = &Question->HiiValue;
break;
+ case EFI_IFR_SECURITY_OP:
+ Value->Value.b = CheckUserPrivilege (&OpCode->Guid);
+ break;
+
case EFI_IFR_QUESTION_REF3_OP:
if (OpCode->DevicePath == 0) {
//
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
index c0b2de7..161e154 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/IfrParse.c
@@ -747,8 +747,8 @@ IsExpressionOpCode (
(Operand == EFI_IFR_CATENATE_OP) ||
(Operand == EFI_IFR_TO_LOWER_OP) ||
(Operand == EFI_IFR_TO_UPPER_OP) ||
- (Operand == EFI_IFR_VERSION_OP)
- ) {
+ (Operand == EFI_IFR_VERSION_OP) ||
+ (Operand == EFI_IFR_SECURITY_OP)) {
return TRUE;
} else {
return FALSE;
@@ -982,6 +982,10 @@ ParseOpCodes (
ExpressionOpCode->QuestionId = CurrentStatement->QuestionId;
break;
+ case EFI_IFR_SECURITY_OP:
+ CopyMem (&ExpressionOpCode->Guid, &((EFI_IFR_SECURITY *) OpCodeData)->Permissions, sizeof (EFI_GUID));
+ break;
+
case EFI_IFR_QUESTION_REF1_OP:
CopyMem (&ExpressionOpCode->QuestionId, &((EFI_IFR_EQ_ID_VAL_LIST *) OpCodeData)->QuestionId, sizeof (EFI_QUESTION_ID));
break;
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h
index 041e1b8..b5cbc67 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/Setup.h
@@ -28,6 +28,7 @@ WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
#include <Protocol/HiiConfigRouting.h>
#include <Protocol/HiiDatabase.h>
#include <Protocol/HiiString.h>
+#include <Protocol/UserManager.h>
#include <Guid/MdeModuleHii.h>
#include <Guid/HiiPlatformSetupFormset.h>
diff --git a/MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf b/MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
index a4305aa..77b0d52 100644
--- a/MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
+++ b/MdeModulePkg/Universal/SetupBrowserDxe/SetupBrowserDxe.inf
@@ -72,6 +72,7 @@
gEfiHiiConfigRoutingProtocolGuid ## CONSUMES
gEfiHiiDatabaseProtocolGuid ## CONSUMES
gEfiUnicodeCollation2ProtocolGuid ## CONSUMES
+ gEfiUserManagerProtocolGuid ## SOMETIMES_CONSUMES
[FeaturePcd.common]
gEfiMdeModulePkgTokenSpaceGuid.PcdFrameworkCompatibilitySupport