projects / mirror_edk2.git / blame
| Commit | Line | Data |
|---|---|---|
| 355b181f BB |
1 | /** @file -- VariablePolicyLib.h\r |
| 2 | Business logic for Variable Policy enforcement.\r | |
| 3 | \r | |
| 4 | Copyright (c) Microsoft Corporation.\r | |
| 5 | SPDX-License-Identifier: BSD-2-Clause-Patent\r | |
| 6 | \r | |
| 7 | **/\r | |
| 8 | \r | |
| 9 | #ifndef _VARIABLE_POLICY_LIB_H_\r | |
| 10 | #define _VARIABLE_POLICY_LIB_H_\r | |
| 11 | \r | |
| 12 | #include <Protocol/VariablePolicy.h>\r | |
| 13 | \r | |
| 14 | /**\r | |
| 15 | This API function validates and registers a new policy with\r | |
| 16 | the policy enforcement engine.\r | |
| 17 | \r | |
| 18 | @param[in] NewPolicy Pointer to the incoming policy structure.\r | |
| 19 | \r | |
| 20 | @retval EFI_SUCCESS\r | |
| 21 | @retval EFI_INVALID_PARAMETER NewPolicy is NULL or is internally inconsistent.\r | |
| 22 | @retval EFI_ALREADY_STARTED An identical matching policy already exists.\r | |
| 23 | @retval EFI_WRITE_PROTECTED The interface has been locked until the next reboot.\r | |
| 24 | @retval EFI_UNSUPPORTED Policy enforcement has been disabled. No reason to add more policies.\r | |
| 25 | @retval EFI_ABORTED A calculation error has prevented this function from completing.\r | |
| 26 | @retval EFI_OUT_OF_RESOURCES Cannot grow the table to hold any more policies.\r | |
| 27 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
| 28 | \r | |
| 29 | **/\r | |
| 30 | EFI_STATUS\r | |
| 31 | EFIAPI\r | |
| 32 | RegisterVariablePolicy (\r | |
| 33 | IN CONST VARIABLE_POLICY_ENTRY *NewPolicy\r | |
| 34 | );\r | |
| 35 | \r | |
| 36 | \r | |
| 37 | /**\r | |
| 38 | This API function checks to see whether the parameters to SetVariable would\r | |
| 39 | be allowed according to the current variable policies.\r | |
| 40 | \r | |
| 41 | @param[in] VariableName Same as EFI_SET_VARIABLE.\r | |
| 42 | @param[in] VendorGuid Same as EFI_SET_VARIABLE.\r | |
| 43 | @param[in] Attributes Same as EFI_SET_VARIABLE.\r | |
| 44 | @param[in] DataSize Same as EFI_SET_VARIABLE.\r | |
| 45 | @param[in] Data Same as EFI_SET_VARIABLE.\r | |
| 46 | \r | |
| 47 | @retval EFI_SUCCESS A matching policy allows this update.\r | |
| 48 | @retval EFI_SUCCESS There are currently no policies that restrict this update.\r | |
| 49 | @retval EFI_SUCCESS The protections have been disable until the next reboot.\r | |
| 50 | @retval EFI_WRITE_PROTECTED Variable is currently locked.\r | |
| 51 | @retval EFI_INVALID_PARAMETER Attributes or size are invalid.\r | |
| 52 | @retval EFI_ABORTED A lock policy exists, but an error prevented evaluation.\r | |
| 53 | @retval EFI_NOT_READY Library has not been initialized.\r | |
| 54 | \r | |
| 55 | **/\r | |
| 56 | EFI_STATUS\r | |
| 57 | EFIAPI\r | |
| 58 | ValidateSetVariable (\r | |
| 59 | IN CHAR16 *VariableName,\r | |
| 60 | IN EFI_GUID *VendorGuid,\r | |
| 61 | IN UINT32 Attributes,\r | |
| 62 | IN UINTN DataSize,\r | |
| 63 | IN VOID *Data\r | |
| 64 | );\r | |
| 65 | \r | |
| 66 | \r | |
| 67 | /**\r | |
| 68 | This API function disables the variable policy enforcement. If it's\r | |
| 69 | already been called once, will return EFI_ALREADY_STARTED.\r | |
| 70 | \r | |
| 71 | @retval EFI_SUCCESS\r | |
| 72 | @retval EFI_ALREADY_STARTED Has already been called once this boot.\r | |
| 73 | @retval EFI_WRITE_PROTECTED Interface has been locked until reboot.\r | |
| 74 | @retval EFI_WRITE_PROTECTED Interface option is disabled by platform PCD.\r | |
| 75 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
| 76 | \r | |
| 77 | **/\r | |
| 78 | EFI_STATUS\r | |
| 79 | EFIAPI\r | |
| 80 | DisableVariablePolicy (\r | |
| 81 | VOID\r | |
| 82 | );\r | |
| 83 | \r | |
| 84 | \r | |
| 85 | /**\r | |
| 86 | This API function will dump the entire contents of the variable policy table.\r | |
| 87 | \r | |
| 88 | Similar to GetVariable, the first call can be made with a 0 size and it will return\r | |
| 89 | the size of the buffer required to hold the entire table.\r | |
| 90 | \r | |
| 91 | @param[out] Policy Pointer to the policy buffer. Can be NULL if Size is 0.\r | |
| 92 | @param[in,out] Size On input, the size of the output buffer. On output, the size\r | |
| 93 | of the data returned.\r | |
| 94 | \r | |
| 95 | @retval EFI_SUCCESS Policy data is in the output buffer and Size has been updated.\r | |
| 96 | @retval EFI_INVALID_PARAMETER Size is NULL, or Size is non-zero and Policy is NULL.\r | |
| 97 | @retval EFI_BUFFER_TOO_SMALL Size is insufficient to hold policy. Size updated with required size.\r | |
| 98 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
| 99 | \r | |
| 100 | **/\r | |
| 101 | EFI_STATUS\r | |
| 102 | EFIAPI\r | |
| 103 | DumpVariablePolicy (\r | |
| 104 | OUT UINT8 *Policy,\r | |
| 105 | IN OUT UINT32 *Size\r | |
| 106 | );\r | |
| 107 | \r | |
| 108 | \r | |
| 109 | /**\r | |
| 110 | This API function returns whether or not the policy engine is\r | |
| 111 | currently being enforced.\r | |
| 112 | \r | |
| 113 | @retval TRUE\r | |
| 114 | @retval FALSE\r | |
| 115 | @retval FALSE Library has not yet been initialized.\r | |
| 116 | \r | |
| 117 | **/\r | |
| 118 | BOOLEAN\r | |
| 119 | EFIAPI\r | |
| 120 | IsVariablePolicyEnabled (\r | |
| 121 | VOID\r | |
| 122 | );\r | |
| 123 | \r | |
| 124 | \r | |
| 125 | /**\r | |
| 126 | This API function locks the interface so that no more policy updates\r | |
| 127 | can be performed or changes made to the enforcement until the next boot.\r | |
| 128 | \r | |
| 129 | @retval EFI_SUCCESS\r | |
| 130 | @retval EFI_NOT_READY Library has not yet been initialized.\r | |
| 131 | \r | |
| 132 | **/\r | |
| 133 | EFI_STATUS\r | |
| 134 | EFIAPI\r | |
| 135 | LockVariablePolicy (\r | |
| 136 | VOID\r | |
| 137 | );\r | |
| 138 | \r | |
| 139 | \r | |
| 140 | /**\r | |
| 141 | This API function returns whether or not the policy interface is locked\r | |
| 142 | for the remainder of the boot.\r | |
| 143 | \r | |
| 144 | @retval TRUE\r | |
| 145 | @retval FALSE\r | |
| 146 | @retval FALSE Library has not yet been initialized.\r | |
| 147 | \r | |
| 148 | **/\r | |
| 149 | BOOLEAN\r | |
| 150 | EFIAPI\r | |
| 151 | IsVariablePolicyInterfaceLocked (\r | |
| 152 | VOID\r | |
| 153 | );\r | |
| 154 | \r | |
| 155 | \r | |
| 156 | /**\r | |
| 157 | This helper function initializes the library and sets\r | |
| 158 | up any required internal structures or handlers.\r | |
| 159 | \r | |
| 160 | Also registers the internal pointer for the GetVariable helper.\r | |
| 161 | \r | |
| 162 | @param[in] GetVariableHelper A function pointer matching the EFI_GET_VARIABLE prototype that will be used to\r | |
| 163 | check policy criteria that involve the existence of other variables.\r | |
| 164 | \r | |
| 165 | @retval EFI_SUCCESS\r | |
| 166 | @retval EFI_ALREADY_STARTED The initialize function has been called more than once without a call to\r | |
| 167 | deinitialize.\r | |
| 168 | \r | |
| 169 | **/\r | |
| 170 | EFI_STATUS\r | |
| 171 | EFIAPI\r | |
| 172 | InitVariablePolicyLib (\r | |
| 173 | IN EFI_GET_VARIABLE GetVariableHelper\r | |
| 174 | );\r | |
| 175 | \r | |
| 176 | \r | |
| 177 | /**\r | |
| 178 | This helper function returns whether or not the library is currently initialized.\r | |
| 179 | \r | |
| 180 | @retval TRUE\r | |
| 181 | @retval FALSE\r | |
| 182 | \r | |
| 183 | **/\r | |
| 184 | BOOLEAN\r | |
| 185 | EFIAPI\r | |
| 186 | IsVariablePolicyLibInitialized (\r | |
| 187 | VOID\r | |
| 188 | );\r | |
| 189 | \r | |
| 190 | \r | |
| 191 | /**\r | |
| 192 | This helper function tears down the library.\r | |
| 193 | \r | |
| 194 | Should generally only be used for test harnesses.\r | |
| 195 | \r | |
| 196 | @retval EFI_SUCCESS\r | |
| 197 | @retval EFI_NOT_READY Deinitialize was called without first calling initialize.\r | |
| 198 | \r | |
| 199 | **/\r | |
| 200 | EFI_STATUS\r | |
| 201 | EFIAPI\r | |
| 202 | DeinitVariablePolicyLib (\r | |
| 203 | VOID\r | |
| 204 | );\r | |
| 205 | \r | |
| 206 | \r | |
| 207 | #endif // _VARIABLE_POLICY_LIB_H_\r |