2 The functions for access policy modification.
4 Copyright (c) 2009 - 2013, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "UserProfileManager.h"
18 Collect all the access policy data to mUserInfo.AccessPolicy,
19 and save it to user profile.
30 EFI_USER_INFO_ACCESS_CONTROL Control
;
31 EFI_USER_INFO_HANDLE UserInfo
;
34 if (mUserInfo
.AccessPolicy
!= NULL
) {
35 FreePool (mUserInfo
.AccessPolicy
);
37 mUserInfo
.AccessPolicy
= NULL
;
38 mUserInfo
.AccessPolicyLen
= 0;
39 mUserInfo
.AccessPolicyModified
= TRUE
;
45 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
);
46 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
47 ExpandMemory (OffSet
, Size
);
50 Control
.Type
= mAccessInfo
.AccessRight
;
51 Control
.Size
= (UINT32
) Size
;
52 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
53 OffSet
+= sizeof (Control
);
58 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + sizeof (EFI_GUID
);
59 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
60 ExpandMemory (OffSet
, Size
);
63 Control
.Type
= EFI_USER_INFO_ACCESS_SETUP
;
64 Control
.Size
= (UINT32
) Size
;
65 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
66 OffSet
+= sizeof (Control
);
68 if (mAccessInfo
.AccessSetup
== ACCESS_SETUP_NORMAL
) {
69 CopyGuid ((EFI_GUID
*) (mUserInfo
.AccessPolicy
+ OffSet
), &gEfiUserInfoAccessSetupNormalGuid
);
70 } else if (mAccessInfo
.AccessSetup
== ACCESS_SETUP_RESTRICTED
) {
71 CopyGuid ((EFI_GUID
*) (mUserInfo
.AccessPolicy
+ OffSet
), &gEfiUserInfoAccessSetupRestrictedGuid
);
72 } else if (mAccessInfo
.AccessSetup
== ACCESS_SETUP_ADMIN
) {
73 CopyGuid ((EFI_GUID
*) (mUserInfo
.AccessPolicy
+ OffSet
), &gEfiUserInfoAccessSetupAdminGuid
);
75 OffSet
+= sizeof (EFI_GUID
);
78 // Save access of boot order.
80 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + sizeof (UINT32
);
81 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
82 ExpandMemory (OffSet
, Size
);
85 Control
.Type
= EFI_USER_INFO_ACCESS_BOOT_ORDER
;
86 Control
.Size
= (UINT32
) Size
;
87 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
88 OffSet
+= sizeof (Control
);
90 CopyMem ((UINT8
*) (mUserInfo
.AccessPolicy
+ OffSet
), &mAccessInfo
.AccessBootOrder
, sizeof (UINT32
));
91 OffSet
+= sizeof (UINT32
);
96 if (mAccessInfo
.LoadPermitLen
> 0) {
97 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.LoadPermitLen
;
98 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
99 ExpandMemory (OffSet
, Size
);
102 Control
.Type
= EFI_USER_INFO_ACCESS_PERMIT_LOAD
;
103 Control
.Size
= (UINT32
) Size
;
104 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
105 OffSet
+= sizeof (Control
);
107 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.LoadPermit
, mAccessInfo
.LoadPermitLen
);
108 OffSet
+= mAccessInfo
.LoadPermitLen
;
114 if (mAccessInfo
.LoadForbidLen
> 0) {
115 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.LoadForbidLen
;
116 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
117 ExpandMemory (OffSet
, Size
);
120 Control
.Type
= EFI_USER_INFO_ACCESS_FORBID_LOAD
;
121 Control
.Size
= (UINT32
) Size
;
122 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
123 OffSet
+= sizeof (Control
);
125 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.LoadForbid
, mAccessInfo
.LoadForbidLen
);
126 OffSet
+= mAccessInfo
.LoadForbidLen
;
130 // Save permit connect.
132 if (mAccessInfo
.ConnectPermitLen
> 0) {
133 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.ConnectPermitLen
;
134 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
135 ExpandMemory (OffSet
, Size
);
138 Control
.Type
= EFI_USER_INFO_ACCESS_PERMIT_CONNECT
;
139 Control
.Size
= (UINT32
) Size
;
140 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
141 OffSet
+= sizeof (Control
);
143 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.ConnectPermit
, mAccessInfo
.ConnectPermitLen
);
144 OffSet
+= mAccessInfo
.ConnectPermitLen
;
148 // Save forbid connect.
150 if (mAccessInfo
.ConnectForbidLen
> 0) {
151 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.ConnectForbidLen
;
152 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
153 ExpandMemory (OffSet
, Size
);
156 Control
.Type
= EFI_USER_INFO_ACCESS_FORBID_CONNECT
;
157 Control
.Size
= (UINT32
) Size
;
158 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
159 OffSet
+= sizeof (Control
);
161 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.ConnectForbid
, mAccessInfo
.ConnectForbidLen
);
162 OffSet
+= mAccessInfo
.ConnectForbidLen
;
165 mUserInfo
.AccessPolicyLen
= OffSet
;
168 // Save access policy.
170 if (mUserInfo
.AccessPolicyModified
&& (mUserInfo
.AccessPolicyLen
> 0) && (mUserInfo
.AccessPolicy
!= NULL
)) {
171 Info
= AllocateZeroPool (sizeof (EFI_USER_INFO
) + mUserInfo
.AccessPolicyLen
);
176 Status
= FindInfoByType (mModifyUser
, EFI_USER_INFO_ACCESS_POLICY_RECORD
, &UserInfo
);
177 if (!EFI_ERROR (Status
)) {
178 Info
->InfoType
= EFI_USER_INFO_ACCESS_POLICY_RECORD
;
179 Info
->InfoAttribs
= EFI_USER_INFO_STORAGE_PLATFORM_NV
|
180 EFI_USER_INFO_PUBLIC
|
181 EFI_USER_INFO_EXCLUSIVE
;
182 Info
->InfoSize
= (UINT32
) (sizeof (EFI_USER_INFO
) + mUserInfo
.AccessPolicyLen
);
183 CopyMem ((UINT8
*) (Info
+ 1), mUserInfo
.AccessPolicy
, mUserInfo
.AccessPolicyLen
);
184 Status
= mUserManager
->SetInfo (
191 mUserInfo
.AccessPolicyModified
= FALSE
;
196 if (mAccessInfo
.ConnectForbid
!= NULL
) {
197 FreePool (mAccessInfo
.ConnectForbid
);
198 mAccessInfo
.ConnectForbid
= NULL
;
201 if (mAccessInfo
.ConnectPermit
!= NULL
) {
202 FreePool (mAccessInfo
.ConnectPermit
);
203 mAccessInfo
.ConnectPermit
= NULL
;
206 if (mAccessInfo
.LoadForbid
!= NULL
) {
207 FreePool (mAccessInfo
.LoadForbid
);
208 mAccessInfo
.LoadForbid
= NULL
;
211 if (mAccessInfo
.LoadPermit
!= NULL
) {
212 FreePool (mAccessInfo
.LoadPermit
);
213 mAccessInfo
.LoadPermit
= NULL
;
218 Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.
220 @param[in] QuestionID The question ID.
221 @param[in] DevicePath Points to device path.
222 @param[in] OpCodeHandle Points to container for dynamic created opcodes.
228 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
,
229 IN VOID
*OpCodeHandle
232 EFI_DEVICE_PATH_PROTOCOL
*Next
;
233 EFI_STRING_ID NameID
;
234 EFI_STRING DriverName
;
237 // Get driver file name node.
240 while (!IsDevicePathEnd (Next
)) {
242 Next
= NextDevicePathNode (Next
);
246 // Display the device path in form.
248 DriverName
= ConvertDevicePathToText (DevicePath
, FALSE
, FALSE
);
249 NameID
= HiiSetString (mCallbackInfo
->HiiHandle
, 0, DriverName
, NULL
);
250 FreePool (DriverName
);
255 HiiCreateActionOpCode (
256 OpCodeHandle
, // Container for dynamic created opcodes
257 (UINT16
) QuestionID
, // Question ID
258 NameID
, // Prompt text
259 STRING_TOKEN (STR_NULL_STRING
), // Help text
260 EFI_IFR_FLAG_CALLBACK
, // Question flag
261 0 // Action String ID
267 Check whether the DevicePath is in the device path forbid list
268 (mAccessInfo.LoadForbid).
270 @param[in] DevicePath Points to device path.
272 @retval TRUE The DevicePath is in the device path forbid list.
273 @retval FALSE The DevicePath is not in the device path forbid list.
278 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
284 EFI_DEVICE_PATH_PROTOCOL
*Dp
;
287 Size
= GetDevicePathSize (DevicePath
);
289 // Check each device path.
291 while (OffSet
< mAccessInfo
.LoadForbidLen
) {
292 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ OffSet
);
293 DPSize
= GetDevicePathSize (Dp
);
295 // Compare device path.
297 if ((DPSize
== Size
) && (CompareMem (DevicePath
, Dp
, Size
) == 0)) {
307 Display the permit load device path in the loadable device path list.
323 VOID
*StartOpCodeHandle
;
324 VOID
*EndOpCodeHandle
;
325 EFI_IFR_GUID_LABEL
*StartLabel
;
326 EFI_IFR_GUID_LABEL
*EndLabel
;
332 Status
= gRT
->GetVariable (
334 &gEfiGlobalVariableGuid
,
339 if (Status
!= EFI_BUFFER_TOO_SMALL
) {
343 Order
= AllocateZeroPool (OrderSize
);
348 Status
= gRT
->GetVariable (
350 &gEfiGlobalVariableGuid
,
355 if (EFI_ERROR (Status
)) {
360 // Initialize the container for dynamic opcodes.
362 StartOpCodeHandle
= HiiAllocateOpCodeHandle ();
363 ASSERT (StartOpCodeHandle
!= NULL
);
365 EndOpCodeHandle
= HiiAllocateOpCodeHandle ();
366 ASSERT (EndOpCodeHandle
!= NULL
);
369 // Create Hii Extend Label OpCode.
371 StartLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
375 sizeof (EFI_IFR_GUID_LABEL
)
377 StartLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
378 StartLabel
->Number
= LABEL_PERMIT_LOAD_FUNC
;
380 EndLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
384 sizeof (EFI_IFR_GUID_LABEL
)
386 EndLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
387 EndLabel
->Number
= LABEL_END
;
390 // Add each driver option.
393 ListCount
= OrderSize
/ sizeof (UINT16
);
394 for (Index
= 0; Index
< ListCount
; Index
++) {
396 // Get driver device path.
398 UnicodeSPrint (VarName
, sizeof (VarName
), L
"Driver%04x", Order
[Index
]);
399 GetEfiGlobalVariable2 (VarName
, (VOID
**)&Var
, NULL
);
405 // Check whether the driver is already forbidden.
412 VarPtr
+= sizeof (UINT32
);
415 // Skip device path lenth.
417 VarPtr
+= sizeof (UINT16
);
420 // Skip descript string.
422 VarPtr
+= StrSize ((UINT16
*) VarPtr
);
424 if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL
*) VarPtr
)) {
431 KEY_MODIFY_USER
| KEY_MODIFY_AP_DP
| KEY_LOAD_PERMIT_MODIFY
| Order
[Index
],
432 (EFI_DEVICE_PATH_PROTOCOL
*) VarPtr
,
440 mCallbackInfo
->HiiHandle
, // HII handle
441 &gUserProfileManagerGuid
, // Formset GUID
442 FORMID_PERMIT_LOAD_DP
, // Form ID
443 StartOpCodeHandle
, // Label for where to insert opcodes
444 EndOpCodeHandle
// Replace data
447 HiiFreeOpCodeHandle (StartOpCodeHandle
);
448 HiiFreeOpCodeHandle (EndOpCodeHandle
);
451 // Clear Environment.
461 Display the forbid load device path list (mAccessInfo.LoadForbid).
472 EFI_DEVICE_PATH_PROTOCOL
*Dp
;
473 VOID
*StartOpCodeHandle
;
474 VOID
*EndOpCodeHandle
;
475 EFI_IFR_GUID_LABEL
*StartLabel
;
476 EFI_IFR_GUID_LABEL
*EndLabel
;
479 // Initialize the container for dynamic opcodes.
481 StartOpCodeHandle
= HiiAllocateOpCodeHandle ();
482 ASSERT (StartOpCodeHandle
!= NULL
);
484 EndOpCodeHandle
= HiiAllocateOpCodeHandle ();
485 ASSERT (EndOpCodeHandle
!= NULL
);
488 // Create Hii Extend Label OpCode.
490 StartLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
494 sizeof (EFI_IFR_GUID_LABEL
)
496 StartLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
497 StartLabel
->Number
= LABLE_FORBID_LOAD_FUNC
;
499 EndLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
503 sizeof (EFI_IFR_GUID_LABEL
)
505 EndLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
506 EndLabel
->Number
= LABEL_END
;
509 // Add each forbid load drivers.
513 while (Offset
< mAccessInfo
.LoadForbidLen
) {
514 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ Offset
);
515 DPSize
= GetDevicePathSize (Dp
);
517 KEY_MODIFY_USER
| KEY_MODIFY_AP_DP
| KEY_LOAD_FORBID_MODIFY
| Index
,
526 mCallbackInfo
->HiiHandle
, // HII handle
527 &gUserProfileManagerGuid
, // Formset GUID
528 FORMID_FORBID_LOAD_DP
, // Form ID
529 StartOpCodeHandle
, // Label for where to insert opcodes
530 EndOpCodeHandle
// Replace data
533 HiiFreeOpCodeHandle (StartOpCodeHandle
);
534 HiiFreeOpCodeHandle (EndOpCodeHandle
);
539 Display the permit connect device path.
543 DisplayConnectPermit (
549 // As no architect protocol/interface to be called in ConnectController()
550 // to verify the device path, just add a place holder for permitted connect
557 Display the forbid connect device path list.
561 DisplayConnectForbid (
567 // As no architect protocol/interface to be called in ConnectController()
568 // to verify the device path, just add a place holder for forbidden connect
575 Delete the specified device path by DriverIndex from the forbid device path
576 list (mAccessInfo.LoadForbid).
578 @param[in] DriverIndex The index of driver in forbidden device path list.
582 DeleteFromForbidLoad (
583 IN UINT16 DriverIndex
589 EFI_DEVICE_PATH_PROTOCOL
*Dp
;
593 // Find the specified device path.
595 while ((OffSet
< mAccessInfo
.LoadForbidLen
) && (DriverIndex
> 0)) {
596 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ OffSet
);
597 DPSize
= GetDevicePathSize (Dp
);
603 // Specified device path found.
605 if (DriverIndex
== 0) {
606 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ OffSet
);
607 DPSize
= GetDevicePathSize (Dp
);
608 OffLen
= mAccessInfo
.LoadForbidLen
- OffSet
- DPSize
;
611 mAccessInfo
.LoadForbid
+ OffSet
,
612 mAccessInfo
.LoadForbid
+ OffSet
+ DPSize
,
616 mAccessInfo
.LoadForbidLen
-= DPSize
;
622 Add the specified device path by DriverIndex to the forbid device path
623 list (mAccessInfo.LoadForbid).
625 @param[in] DriverIndex The index of driver saved in driver options.
630 IN UINT16 DriverIndex
641 // Get loadable driver device path.
643 UnicodeSPrint (VarName
, sizeof (VarName
), L
"Driver%04x", DriverIndex
);
644 GetEfiGlobalVariable2 (VarName
, (VOID
**)&Var
, NULL
);
650 // Save forbid load driver.
657 VarPtr
+= sizeof (UINT32
);
659 DevicePathLen
= *(UINT16
*) VarPtr
;
661 // Skip device path length.
663 VarPtr
+= sizeof (UINT16
);
666 // Skip description string.
668 VarPtr
+= StrSize ((UINT16
*) VarPtr
);
670 NewLen
= mAccessInfo
.LoadForbidLen
+ DevicePathLen
;
671 NewFL
= AllocateZeroPool (NewLen
);
677 if (mAccessInfo
.LoadForbidLen
> 0) {
678 CopyMem (NewFL
, mAccessInfo
.LoadForbid
, mAccessInfo
.LoadForbidLen
);
679 FreePool (mAccessInfo
.LoadForbid
);
682 CopyMem (NewFL
+ mAccessInfo
.LoadForbidLen
, VarPtr
, DevicePathLen
);
683 mAccessInfo
.LoadForbidLen
= NewLen
;
684 mAccessInfo
.LoadForbid
= NewFL
;