[mirror_edk2.git] / SecurityPkg / UserIdentification / UserProfileManagerDxe / ModifyAccessPolicy.c

/** @file\r
  The functions for access policy modification.\r
    \r
Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials \r
are licensed and made available under the terms and conditions of the BSD License \r
which accompanies this distribution.  The full text of the license may be found at \r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "UserProfileManager.h"\r
\r
/**\r
  Collect all the access policy data to mUserInfo.AccessPolicy, \r
  and save it to user profile.\r
\r
**/\r
VOID\r
SaveAccessPolicy (\r
  VOID\r
  )\r
{\r
  EFI_STATUS                    Status;\r
  UINTN                         OffSet;\r
  UINTN                         Size;\r
  EFI_USER_INFO_ACCESS_CONTROL  Control;\r
  EFI_USER_INFO_HANDLE          UserInfo;\r
  EFI_USER_INFO                 *Info;\r
\r
  if (mUserInfo.AccessPolicy != NULL) {\r
    FreePool (mUserInfo.AccessPolicy);\r
  }\r
  mUserInfo.AccessPolicy          = NULL;\r
  mUserInfo.AccessPolicyLen       = 0;\r
  mUserInfo.AccessPolicyModified  = TRUE;\r
  OffSet                          = 0;\r
  \r
  //\r
  // Save access right.\r
  //\r
  Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);\r
  if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
    ExpandMemory (OffSet, Size);\r
  }\r
\r
  Control.Type = mAccessInfo.AccessRight;\r
  Control.Size = (UINT32) Size;\r
  CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
  OffSet += sizeof (Control);\r
  \r
  //\r
  // Save access setup.\r
  //\r
  Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);\r
  if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
    ExpandMemory (OffSet, Size);\r
  }\r
\r
  Control.Type = EFI_USER_INFO_ACCESS_SETUP;\r
  Control.Size = (UINT32) Size;  \r
  CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
  OffSet += sizeof (Control);\r
  \r
  if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {\r
    CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);\r
  } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {\r
    CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);\r
  } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {\r
    CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);\r
  }\r
  OffSet += sizeof (EFI_GUID);\r
  \r
  //\r
  // Save access of boot order.\r
  //\r
  Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);\r
  if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
    ExpandMemory (OffSet, Size);\r
  }\r
\r
  Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;\r
  Control.Size = (UINT32) Size;  \r
  CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
  OffSet += sizeof (Control);\r
\r
  CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));\r
  OffSet += sizeof (UINT32);\r
  \r
  //\r
  // Save permit load.\r
  //\r
  if (mAccessInfo.LoadPermitLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;\r
    Control.Size = (UINT32) Size;  \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
  \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);\r
    OffSet += mAccessInfo.LoadPermitLen;\r
  }\r
  \r
  //\r
  // Save forbid load.\r
  //\r
  if (mAccessInfo.LoadForbidLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;\r
    Control.Size = (UINT32) Size;  \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
    \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
    OffSet += mAccessInfo.LoadForbidLen;\r
  }\r
  \r
  //\r
  // Save permit connect.\r
  //\r
  if (mAccessInfo.ConnectPermitLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;\r
    Control.Size = (UINT32) Size;  \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
    \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);\r
    OffSet += mAccessInfo.ConnectPermitLen;\r
  }\r
  \r
  //\r
  // Save forbid connect.\r
  //\r
  if (mAccessInfo.ConnectForbidLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;\r
    Control.Size = (UINT32) Size;  \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
    \r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);\r
    OffSet += mAccessInfo.ConnectForbidLen;\r
  }\r
\r
  mUserInfo.AccessPolicyLen = OffSet;\r
\r
  //\r
  // Save access policy.\r
  //\r
  if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {\r
    Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
    if (Info == NULL) {\r
      return ;\r
    }\r
\r
    Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);\r
    if (!EFI_ERROR (Status)) {\r
      Info->InfoType    = EFI_USER_INFO_ACCESS_POLICY_RECORD;\r
      Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |\r
                          EFI_USER_INFO_PUBLIC |\r
                          EFI_USER_INFO_EXCLUSIVE;\r
      Info->InfoSize    = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
      CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);\r
      Status = mUserManager->SetInfo (\r
                               mUserManager,\r
                               mModifyUser,\r
                               &UserInfo,\r
                               Info,\r
                               Info->InfoSize\r
                               );\r
      mUserInfo.AccessPolicyModified = FALSE;\r
    }\r
    FreePool (Info);\r
  }\r
\r
  if (mAccessInfo.ConnectForbid != NULL) {\r
    FreePool (mAccessInfo.ConnectForbid);\r
    mAccessInfo.ConnectForbid = NULL;\r
  }\r
\r
  if (mAccessInfo.ConnectPermit != NULL) {\r
    FreePool (mAccessInfo.ConnectPermit);\r
    mAccessInfo.ConnectPermit = NULL;\r
  }\r
\r
  if (mAccessInfo.LoadForbid != NULL) {\r
    FreePool (mAccessInfo.LoadForbid);\r
    mAccessInfo.LoadForbid = NULL;\r
  }\r
\r
  if (mAccessInfo.LoadPermit != NULL) {\r
    FreePool (mAccessInfo.LoadPermit);\r
    mAccessInfo.LoadPermit = NULL;\r
  }\r
}\r
\r
/**\r
  Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.\r
\r
  @param[in]  QuestionID            The question ID.\r
  @param[in]  DevicePath            Points to device path.\r
  @param[in]  OpCodeHandle          Points to container for dynamic created opcodes.\r
\r
**/\r
VOID\r
AddDevicePath (\r
  IN  UINTN                                     QuestionID,\r
  IN  EFI_DEVICE_PATH_PROTOCOL                  *DevicePath,\r
  IN     VOID                                   *OpCodeHandle\r
  )\r
{\r
  EFI_STATUS                        Status;\r
  EFI_DEVICE_PATH_PROTOCOL          *Next;\r
  EFI_STRING_ID                     NameID;\r
  EFI_STRING                        DriverName;\r
  EFI_DEVICE_PATH_TO_TEXT_PROTOCOL  *DevicePathText;\r
\r
  //\r
  // Locate device path to text protocol.\r
  //\r
  Status = gBS->LocateProtocol (\r
                  &gEfiDevicePathToTextProtocolGuid,\r
                  NULL,\r
                  (VOID **) &DevicePathText\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    return ;\r
  }\r
  \r
  //\r
  // Get driver file name node.\r
  //\r
  Next = DevicePath;\r
  while (!IsDevicePathEnd (Next)) {\r
    DevicePath  = Next;\r
    Next        = NextDevicePathNode (Next);\r
  }\r
\r
  //\r
  // Display the device path in form.\r
  //\r
  DriverName = DevicePathText->ConvertDevicePathToText (DevicePath, FALSE, FALSE);\r
  NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);\r
  FreePool (DriverName);\r
  if (NameID == 0) {\r
    return ;\r
  }\r
\r
  HiiCreateActionOpCode (\r
    OpCodeHandle,                   // Container for dynamic created opcodes\r
    (UINT16) QuestionID,            // Question ID\r
    NameID,                         // Prompt text\r
    STRING_TOKEN (STR_NULL_STRING), // Help text\r
    EFI_IFR_FLAG_CALLBACK,          // Question flag\r
    0                               // Action String ID\r
    );\r
}\r
\r
\r
/**\r
  Check whether the DevicePath is in the device path forbid list \r
  (mAccessInfo.LoadForbid).\r
\r
  @param[in]  DevicePath           Points to device path.\r
  \r
  @retval TRUE     The DevicePath is in the device path forbid list.\r
  @retval FALSE    The DevicePath is not in the device path forbid list.\r
\r
**/\r
BOOLEAN\r
IsLoadForbidden (\r
  IN  EFI_DEVICE_PATH_PROTOCOL                  *DevicePath\r
  )\r
{\r
  UINTN                     OffSet;\r
  UINTN                     DPSize;\r
  UINTN                     Size;\r
  EFI_DEVICE_PATH_PROTOCOL  *Dp;\r
\r
  OffSet = 0;\r
  Size   = GetDevicePathSize (DevicePath);\r
  //\r
  // Check each device path.\r
  //\r
  while (OffSet < mAccessInfo.LoadForbidLen) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
    DPSize  = GetDevicePathSize (Dp);\r
    //\r
    // Compare device path.\r
    //\r
    if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {\r
      return TRUE;\r
    }\r
    OffSet += DPSize;\r
  }\r
  return FALSE;\r
}\r
\r
\r
/**\r
  Display the permit load device path in the loadable device path list.\r
\r
**/\r
VOID\r
DisplayLoadPermit(\r
  VOID\r
  )\r
{\r
  EFI_STATUS          Status;\r
  CHAR16              *Order;\r
  UINTN               OrderSize;\r
  UINTN               ListCount;\r
  UINTN               Index;\r
  UINT8               *Var;\r
  UINT8               *VarPtr;\r
  CHAR16              VarName[12];\r
  VOID                *StartOpCodeHandle;\r
  VOID                *EndOpCodeHandle;\r
  EFI_IFR_GUID_LABEL  *StartLabel;\r
  EFI_IFR_GUID_LABEL  *EndLabel;\r
\r
  //\r
  // Get DriverOrder.\r
  //\r
  OrderSize = 0;\r
  Status    = gRT->GetVariable (\r
                     L"DriverOrder", \r
                     &gEfiGlobalVariableGuid, \r
                     NULL, \r
                     &OrderSize, \r
                     NULL\r
                     );\r
  if (Status != EFI_BUFFER_TOO_SMALL) {\r
    return ;\r
  }\r
\r
  Order = AllocateZeroPool (OrderSize);\r
  if (Order == NULL) {\r
    return ;\r
  }\r
\r
  Status = gRT->GetVariable (\r
                  L"DriverOrder", \r
                  &gEfiGlobalVariableGuid, \r
                  NULL, \r
                  &OrderSize, \r
                  Order\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    return ;\r
  }\r
  \r
  //\r
  // Initialize the container for dynamic opcodes.\r
  //\r
  StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (StartOpCodeHandle != NULL);\r
\r
  EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (EndOpCodeHandle != NULL);\r
\r
  //\r
  // Create Hii Extend Label OpCode.\r
  //\r
  StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                        StartOpCodeHandle,\r
                                        &gEfiIfrTianoGuid,\r
                                        NULL,\r
                                        sizeof (EFI_IFR_GUID_LABEL)\r
                                        );\r
  StartLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  StartLabel->Number        = LABEL_PERMIT_LOAD_FUNC;\r
\r
  EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                      EndOpCodeHandle,\r
                                      &gEfiIfrTianoGuid,\r
                                      NULL,\r
                                      sizeof (EFI_IFR_GUID_LABEL)\r
                                      );\r
  EndLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  EndLabel->Number        = LABEL_END;\r
\r
  //\r
  // Add each driver option.\r
  //\r
  Var       = NULL;\r
  ListCount = OrderSize / sizeof (UINT16);\r
  for (Index = 0; Index < ListCount; Index++) {\r
    //\r
    // Get driver device path.\r
    //\r
    UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);\r
    GetEfiGlobalVariable2 (VarName, &Var, NULL);\r
    if (Var == NULL) {\r
      continue;\r
    }\r
    \r
    //\r
    // Check whether the driver is already forbidden.\r
    //\r
    \r
    VarPtr = Var;\r
    //\r
    // Skip attribute.\r
    //\r
    VarPtr += sizeof (UINT32);\r
\r
    //\r
    // Skip device path lenth.\r
    //\r
    VarPtr += sizeof (UINT16);\r
\r
    //\r
    // Skip descript string.\r
    //\r
    VarPtr += StrSize ((UINT16 *) VarPtr);\r
\r
    if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {\r
      FreePool (Var);\r
      Var = NULL;\r
      continue;\r
    }\r
\r
    AddDevicePath (\r
      KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index],\r
      (EFI_DEVICE_PATH_PROTOCOL *) VarPtr,\r
      StartOpCodeHandle\r
      );\r
    FreePool (Var);\r
    Var = NULL;\r
  }\r
\r
  HiiUpdateForm (\r
    mCallbackInfo->HiiHandle, // HII handle\r
    &gUserProfileManagerGuid, // Formset GUID\r
    FORMID_PERMIT_LOAD_DP,    // Form ID\r
    StartOpCodeHandle,        // Label for where to insert opcodes\r
    EndOpCodeHandle           // Replace data\r
    );\r
\r
  HiiFreeOpCodeHandle (StartOpCodeHandle);\r
  HiiFreeOpCodeHandle (EndOpCodeHandle);\r
\r
  //\r
  // Clear Environment.\r
  //\r
  if (Var != NULL) {\r
    FreePool (Var);\r
  }\r
  FreePool (Order);\r
}\r
\r
\r
/**\r
  Display the forbid load device path list (mAccessInfo.LoadForbid).\r
\r
**/\r
VOID\r
DisplayLoadForbid (\r
  VOID\r
  )\r
{\r
  UINTN                     Offset;\r
  UINTN                     DPSize;\r
  UINTN                     Index;\r
  EFI_DEVICE_PATH_PROTOCOL  *Dp;\r
  VOID                      *StartOpCodeHandle;\r
  VOID                      *EndOpCodeHandle;\r
  EFI_IFR_GUID_LABEL        *StartLabel;\r
  EFI_IFR_GUID_LABEL        *EndLabel;\r
\r
  //\r
  // Initialize the container for dynamic opcodes.\r
  //\r
  StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (StartOpCodeHandle != NULL);\r
\r
  EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (EndOpCodeHandle != NULL);\r
\r
  //\r
  // Create Hii Extend Label OpCode.\r
  //\r
  StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                        StartOpCodeHandle,\r
                                        &gEfiIfrTianoGuid,\r
                                        NULL,\r
                                        sizeof (EFI_IFR_GUID_LABEL)\r
                                        );\r
  StartLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  StartLabel->Number        = LABLE_FORBID_LOAD_FUNC;\r
\r
  EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                      EndOpCodeHandle,\r
                                      &gEfiIfrTianoGuid,\r
                                      NULL,\r
                                      sizeof (EFI_IFR_GUID_LABEL)\r
                                      );\r
  EndLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  EndLabel->Number        = LABEL_END;\r
\r
  //\r
  // Add each forbid load drivers.\r
  //\r
  Offset  = 0;\r
  Index   = 0;\r
  while (Offset < mAccessInfo.LoadForbidLen) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);\r
    DPSize  = GetDevicePathSize (Dp);\r
    AddDevicePath (\r
      KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index,\r
      Dp,\r
      StartOpCodeHandle\r
      );\r
    Index++;\r
    Offset += DPSize;\r
  }\r
\r
  HiiUpdateForm (\r
    mCallbackInfo->HiiHandle, // HII handle\r
    &gUserProfileManagerGuid, // Formset GUID\r
    FORMID_FORBID_LOAD_DP,    // Form ID\r
    StartOpCodeHandle,        // Label for where to insert opcodes\r
    EndOpCodeHandle           // Replace data\r
    );\r
\r
  HiiFreeOpCodeHandle (StartOpCodeHandle);\r
  HiiFreeOpCodeHandle (EndOpCodeHandle);\r
}\r
\r
\r
/**\r
  Display the permit connect device path.\r
\r
**/\r
VOID\r
DisplayConnectPermit (\r
  VOID\r
  )\r
{\r
  //\r
  // Note: \r
  // As no architect protocol/interface to be called in ConnectController()\r
  // to verify the device path, just add a place holder for permitted connect\r
  // device path.\r
  //\r
}\r
\r
\r
/**\r
  Display the forbid connect device path list.\r
\r
**/\r
VOID\r
DisplayConnectForbid (\r
  VOID\r
  )\r
{\r
  //\r
  // Note: \r
  // As no architect protocol/interface to be called in ConnectController()\r
  // to verify the device path, just add a place holder for forbidden connect\r
  // device path.\r
  //\r
}\r
\r
\r
/**\r
  Delete the specified device path by DriverIndex from the forbid device path \r
  list (mAccessInfo.LoadForbid).\r
\r
  @param[in]  DriverIndex   The index of driver in forbidden device path list.\r
  \r
**/\r
VOID\r
DeleteFromForbidLoad (\r
  IN  UINT16                                    DriverIndex\r
  )\r
{\r
  UINTN                     OffSet;\r
  UINTN                     DPSize;\r
  UINTN                     OffLen;\r
  EFI_DEVICE_PATH_PROTOCOL  *Dp;\r
\r
  OffSet = 0;\r
  //\r
  // Find the specified device path.\r
  //\r
  while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
    DPSize  = GetDevicePathSize (Dp);\r
    OffSet += DPSize;\r
    DriverIndex--;\r
  }\r
  \r
  //\r
  // Specified device path found.\r
  //\r
  if (DriverIndex == 0) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
    DPSize  = GetDevicePathSize (Dp);\r
    OffLen  = mAccessInfo.LoadForbidLen - OffSet - DPSize;\r
    if (OffLen > 0) {\r
      CopyMem (\r
        mAccessInfo.LoadForbid + OffSet, \r
        mAccessInfo.LoadForbid + OffSet + DPSize, \r
        OffLen\r
        );\r
    }\r
    mAccessInfo.LoadForbidLen -= DPSize;\r
  }\r
}\r
\r
\r
/**\r
  Add the specified device path by DriverIndex to the forbid device path \r
  list (mAccessInfo.LoadForbid).\r
\r
  @param[in]  DriverIndex   The index of driver saved in driver options.\r
  \r
**/\r
VOID\r
AddToForbidLoad (\r
  IN  UINT16                                    DriverIndex\r
  )\r
{\r
  UINTN       DevicePathLen;\r
  UINT8       *Var;\r
  UINT8       *VarPtr;\r
  UINTN       NewLen;\r
  UINT8       *NewFL;\r
  CHAR16      VarName[13];\r
\r
  //\r
  // Get loadable driver device path.\r
  //\r
  UnicodeSPrint  (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);\r
  GetEfiGlobalVariable2 (VarName, &Var, NULL);\r
  if (Var == NULL) {\r
    return;\r
  }\r
  \r
  //\r
  // Save forbid load driver.\r
  //\r
  \r
  VarPtr = Var;\r
  //\r
  // Skip attribute.\r
  //\r
  VarPtr += sizeof (UINT32);\r
\r
  DevicePathLen = *(UINT16 *) VarPtr;\r
  //\r
  // Skip device path length.\r
  //\r
  VarPtr += sizeof (UINT16);\r
\r
  //\r
  // Skip description string.\r
  //\r
  VarPtr += StrSize ((UINT16 *) VarPtr);\r
\r
  NewLen  = mAccessInfo.LoadForbidLen + DevicePathLen;\r
  NewFL   = AllocateZeroPool (NewLen);\r
  if (NewFL == NULL) {\r
    FreePool (Var);\r
    return ;\r
  }\r
\r
  if (mAccessInfo.LoadForbidLen > 0) {\r
    CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
    FreePool (mAccessInfo.LoadForbid);\r
  }\r
\r
  CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);\r
  mAccessInfo.LoadForbidLen = NewLen;\r
  mAccessInfo.LoadForbid    = NewFL;\r
  FreePool (Var);\r
}\r
\r
\r
Commit	Line	Data
0c5b25f0	1	/** @file\r
	2	The functions for access policy modification.\r
	3	\r
	4	Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>\r
	5	This program and the accompanying materials \r
	6	are licensed and made available under the terms and conditions of the BSD License \r
	7	which accompanies this distribution. The full text of the license may be found at \r
	8	http://opensource.org/licenses/bsd-license.php\r
	9	\r
	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS, \r
	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include "UserProfileManager.h"\r
	16	\r
	17	/**\r
	18	Collect all the access policy data to mUserInfo.AccessPolicy, \r
	19	and save it to user profile.\r
	20	\r
	21	**/\r
	22	VOID\r
	23	SaveAccessPolicy (\r
	24	VOID\r
	25	)\r
	26	{\r
	27	EFI_STATUS Status;\r
	28	UINTN OffSet;\r
	29	UINTN Size;\r
	30	EFI_USER_INFO_ACCESS_CONTROL Control;\r
	31	EFI_USER_INFO_HANDLE UserInfo;\r
	32	EFI_USER_INFO *Info;\r
	33	\r
	34	if (mUserInfo.AccessPolicy != NULL) {\r
	35	FreePool (mUserInfo.AccessPolicy);\r
	36	}\r
	37	mUserInfo.AccessPolicy = NULL;\r
	38	mUserInfo.AccessPolicyLen = 0;\r
	39	mUserInfo.AccessPolicyModified = TRUE;\r
	40	OffSet = 0;\r
	41	\r
	42	//\r
	43	// Save access right.\r
	44	//\r
	45	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);\r
	46	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	47	ExpandMemory (OffSet, Size);\r
	48	}\r
	49	\r
	50	Control.Type = mAccessInfo.AccessRight;\r
	51	Control.Size = (UINT32) Size;\r
	52	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
	53	OffSet += sizeof (Control);\r
	54	\r
	55	//\r
	56	// Save access setup.\r
	57	//\r
	58	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);\r
	59	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	60	ExpandMemory (OffSet, Size);\r
	61	}\r
	62	\r
	63	Control.Type = EFI_USER_INFO_ACCESS_SETUP;\r
	64	Control.Size = (UINT32) Size; \r
65	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
66	OffSet += sizeof (Control);\r
67	\r
68	if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {\r
69	CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);\r
70	} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {\r
71	CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);\r
72	} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {\r
73	CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);\r
74	}\r
75	OffSet += sizeof (EFI_GUID);\r
76	\r
77	//\r
78	// Save access of boot order.\r
79	//\r
80	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);\r
81	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
82	ExpandMemory (OffSet, Size);\r
83	}\r
84	\r
85	Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;\r
86	Control.Size = (UINT32) Size; \r
87	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
88	OffSet += sizeof (Control);\r
89	\r
90	CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));\r
91	OffSet += sizeof (UINT32);\r
92	\r
93	//\r
94	// Save permit load.\r
95	//\r
96	if (mAccessInfo.LoadPermitLen > 0) {\r
97	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;\r
98	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
99	ExpandMemory (OffSet, Size);\r
100	}\r
101	\r
102	Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;\r
103	Control.Size = (UINT32) Size; \r
104	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
105	OffSet += sizeof (Control);\r
106	\r
107	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);\r
108	OffSet += mAccessInfo.LoadPermitLen;\r
109	}\r
110	\r
111	//\r
112	// Save forbid load.\r
113	//\r
114	if (mAccessInfo.LoadForbidLen > 0) {\r
115	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;\r
116	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
117	ExpandMemory (OffSet, Size);\r
118	}\r
119	\r
120	Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;\r
121	Control.Size = (UINT32) Size; \r
122	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
123	OffSet += sizeof (Control);\r
124	\r
125	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
126	OffSet += mAccessInfo.LoadForbidLen;\r
127	}\r
128	\r
129	//\r
130	// Save permit connect.\r
131	//\r
132	if (mAccessInfo.ConnectPermitLen > 0) {\r
133	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;\r
134	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
135	ExpandMemory (OffSet, Size);\r
136	}\r
137	\r
138	Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;\r
139	Control.Size = (UINT32) Size; \r
140	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
141	OffSet += sizeof (Control);\r
142	\r
143	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);\r
144	OffSet += mAccessInfo.ConnectPermitLen;\r
145	}\r
146	\r
147	//\r
148	// Save forbid connect.\r
149	//\r
150	if (mAccessInfo.ConnectForbidLen > 0) {\r
151	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;\r
152	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
153	ExpandMemory (OffSet, Size);\r
154	}\r
155	\r
156	Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;\r
157	Control.Size = (UINT32) Size; \r
158	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
159	OffSet += sizeof (Control);\r
160	\r
161	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);\r
162	OffSet += mAccessInfo.ConnectForbidLen;\r
163	}\r
164	\r
165	mUserInfo.AccessPolicyLen = OffSet;\r
166	\r
167	//\r
168	// Save access policy.\r
169	//\r
44a957c6	170	if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {\r
0c5b25f0	171	Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
	172	if (Info == NULL) {\r
	173	return ;\r
	174	}\r
	175	\r
	176	Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);\r
	177	if (!EFI_ERROR (Status)) {\r
	178	Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;\r
	179	Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV \|\r
	180	EFI_USER_INFO_PUBLIC \|\r
	181	EFI_USER_INFO_EXCLUSIVE;\r
	182	Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
	183	CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);\r
	184	Status = mUserManager->SetInfo (\r
	185	mUserManager,\r
	186	mModifyUser,\r
	187	&UserInfo,\r
	188	Info,\r
	189	Info->InfoSize\r
	190	);\r
	191	mUserInfo.AccessPolicyModified = FALSE;\r
	192	}\r
	193	FreePool (Info);\r
	194	}\r
	195	\r
	196	if (mAccessInfo.ConnectForbid != NULL) {\r
	197	FreePool (mAccessInfo.ConnectForbid);\r
	198	mAccessInfo.ConnectForbid = NULL;\r
	199	}\r
	200	\r
	201	if (mAccessInfo.ConnectPermit != NULL) {\r
	202	FreePool (mAccessInfo.ConnectPermit);\r
	203	mAccessInfo.ConnectPermit = NULL;\r
	204	}\r
	205	\r
	206	if (mAccessInfo.LoadForbid != NULL) {\r
	207	FreePool (mAccessInfo.LoadForbid);\r
	208	mAccessInfo.LoadForbid = NULL;\r
	209	}\r
	210	\r
	211	if (mAccessInfo.LoadPermit != NULL) {\r
	212	FreePool (mAccessInfo.LoadPermit);\r
	213	mAccessInfo.LoadPermit = NULL;\r
	214	}\r
	215	}\r
	216	\r
	217	/**\r
	218	Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.\r
	219	\r
	220	@param[in] QuestionID The question ID.\r
	221	@param[in] DevicePath Points to device path.\r
	222	@param[in] OpCodeHandle Points to container for dynamic created opcodes.\r
	223	\r
	224	**/\r
	225	VOID\r
	226	AddDevicePath (\r
	227	IN UINTN QuestionID,\r
	228	IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r
	229	IN VOID *OpCodeHandle\r
	230	)\r
	231	{\r
	232	EFI_STATUS Status;\r
	233	EFI_DEVICE_PATH_PROTOCOL *Next;\r
	234	EFI_STRING_ID NameID;\r
235	EFI_STRING DriverName;\r
236	EFI_DEVICE_PATH_TO_TEXT_PROTOCOL *DevicePathText;\r
237	\r
238	//\r
239	// Locate device path to text protocol.\r
240	//\r
241	Status = gBS->LocateProtocol (\r
242	&gEfiDevicePathToTextProtocolGuid,\r
243	NULL,\r
244	(VOID **) &DevicePathText\r
245	);\r
246	if (EFI_ERROR (Status)) {\r
247	return ;\r
248	}\r
249	\r
250	//\r
251	// Get driver file name node.\r
252	//\r
253	Next = DevicePath;\r
254	while (!IsDevicePathEnd (Next)) {\r
255	DevicePath = Next;\r
256	Next = NextDevicePathNode (Next);\r
257	}\r
258	\r
259	//\r
260	// Display the device path in form.\r
261	//\r
262	DriverName = DevicePathText->ConvertDevicePathToText (DevicePath, FALSE, FALSE);\r
263	NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);\r
264	FreePool (DriverName);\r
265	if (NameID == 0) {\r
266	return ;\r
267	}\r
268	\r
269	HiiCreateActionOpCode (\r
270	OpCodeHandle, // Container for dynamic created opcodes\r
271	(UINT16) QuestionID, // Question ID\r
272	NameID, // Prompt text\r
273	STRING_TOKEN (STR_NULL_STRING), // Help text\r
274	EFI_IFR_FLAG_CALLBACK, // Question flag\r
275	0 // Action String ID\r
276	);\r
277	}\r
278	\r
279	\r
280	/**\r
281	Check whether the DevicePath is in the device path forbid list \r
282	(mAccessInfo.LoadForbid).\r
283	\r
284	@param[in] DevicePath Points to device path.\r
285	\r
286	@retval TRUE The DevicePath is in the device path forbid list.\r
287	@retval FALSE The DevicePath is not in the device path forbid list.\r
288	\r
289	**/\r
290	BOOLEAN\r
291	IsLoadForbidden (\r
292	IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r
293	)\r
294	{\r
295	UINTN OffSet;\r
296	UINTN DPSize;\r
297	UINTN Size;\r
298	EFI_DEVICE_PATH_PROTOCOL *Dp;\r
299	\r
300	OffSet = 0;\r
301	Size = GetDevicePathSize (DevicePath);\r
302	//\r
303	// Check each device path.\r
304	//\r
305	while (OffSet < mAccessInfo.LoadForbidLen) {\r
306	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
307	DPSize = GetDevicePathSize (Dp);\r
308	//\r
309	// Compare device path.\r
310	//\r
311	if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {\r
312	return TRUE;\r
313	}\r
314	OffSet += DPSize;\r
315	}\r
316	return FALSE;\r
317	}\r
318	\r
319	\r
320	/**\r
321	Display the permit load device path in the loadable device path list.\r
322	\r
323	**/\r
324	VOID\r
325	DisplayLoadPermit(\r
326	VOID\r
327	)\r
328	{\r
329	EFI_STATUS Status;\r
330	CHAR16 *Order;\r
331	UINTN OrderSize;\r
332	UINTN ListCount;\r
333	UINTN Index;\r
334	UINT8 *Var;\r
335	UINT8 *VarPtr;\r
336	CHAR16 VarName[12];\r
337	VOID *StartOpCodeHandle;\r
338	VOID *EndOpCodeHandle;\r
339	EFI_IFR_GUID_LABEL *StartLabel;\r
340	EFI_IFR_GUID_LABEL *EndLabel;\r
341	\r
342	//\r
343	// Get DriverOrder.\r
344	//\r
345	OrderSize = 0;\r
346	Status = gRT->GetVariable (\r
347	L"DriverOrder", \r
348	&gEfiGlobalVariableGuid, \r
349	NULL, \r
350	&OrderSize, \r
351	NULL\r
352	);\r
353	if (Status != EFI_BUFFER_TOO_SMALL) {\r
354	return ;\r
355	}\r
356	\r
357	Order = AllocateZeroPool (OrderSize);\r
358	if (Order == NULL) {\r
359	return ;\r
360	}\r
361	\r
362	Status = gRT->GetVariable (\r
363	L"DriverOrder", \r
364	&gEfiGlobalVariableGuid, \r
365	NULL, \r
366	&OrderSize, \r
367	Order\r
368	);\r
369	if (EFI_ERROR (Status)) {\r
370	return ;\r
371	}\r
372	\r
373	//\r
374	// Initialize the container for dynamic opcodes.\r
375	//\r
376	StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
377	ASSERT (StartOpCodeHandle != NULL);\r
378	\r
379	EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
380	ASSERT (EndOpCodeHandle != NULL);\r
381	\r
382	//\r
383	// Create Hii Extend Label OpCode.\r
384	//\r
385	StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
386	StartOpCodeHandle,\r
387	&gEfiIfrTianoGuid,\r
388	NULL,\r
389	sizeof (EFI_IFR_GUID_LABEL)\r
390	);\r
391	StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
392	StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;\r
393	\r
394	EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
395	EndOpCodeHandle,\r
396	&gEfiIfrTianoGuid,\r
397	NULL,\r
398	sizeof (EFI_IFR_GUID_LABEL)\r
399	);\r
400	EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
401	EndLabel->Number = LABEL_END;\r
402	\r
403	//\r
404	// Add each driver option.\r
405	//\r
406	Var = NULL;\r
407	ListCount = OrderSize / sizeof (UINT16);\r
408	for (Index = 0; Index < ListCount; Index++) {\r
409	//\r
410	// Get driver device path.\r
411	//\r
412	UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);\r
bf4a3dbd	413	GetEfiGlobalVariable2 (VarName, &Var, NULL);\r
0c5b25f0	414	if (Var == NULL) {\r
	415	continue;\r
	416	}\r
	417	\r
	418	//\r
	419	// Check whether the driver is already forbidden.\r
	420	//\r
	421	\r
	422	VarPtr = Var;\r
	423	//\r
	424	// Skip attribute.\r
	425	//\r
	426	VarPtr += sizeof (UINT32);\r
	427	\r
	428	//\r
	429	// Skip device path lenth.\r
	430	//\r
	431	VarPtr += sizeof (UINT16);\r
	432	\r
	433	//\r
	434	// Skip descript string.\r
	435	//\r
	436	VarPtr += StrSize ((UINT16 *) VarPtr);\r
	437	\r
	438	if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {\r
	439	FreePool (Var);\r
	440	Var = NULL;\r
	441	continue;\r
	442	}\r
	443	\r
	444	AddDevicePath (\r
	445	KEY_MODIFY_USER \| KEY_MODIFY_AP_DP \| KEY_LOAD_PERMIT_MODIFY \| Order[Index],\r
	446	(EFI_DEVICE_PATH_PROTOCOL *) VarPtr,\r
	447	StartOpCodeHandle\r
	448	);\r
	449	FreePool (Var);\r
	450	Var = NULL;\r
	451	}\r
	452	\r
	453	HiiUpdateForm (\r
	454	mCallbackInfo->HiiHandle, // HII handle\r
	455	&gUserProfileManagerGuid, // Formset GUID\r
	456	FORMID_PERMIT_LOAD_DP, // Form ID\r
	457	StartOpCodeHandle, // Label for where to insert opcodes\r
	458	EndOpCodeHandle // Replace data\r
	459	);\r
	460	\r
	461	HiiFreeOpCodeHandle (StartOpCodeHandle);\r
	462	HiiFreeOpCodeHandle (EndOpCodeHandle);\r
	463	\r
	464	//\r
	465	// Clear Environment.\r
	466	//\r
	467	if (Var != NULL) {\r
	468	FreePool (Var);\r
	469	}\r
	470	FreePool (Order);\r
	471	}\r
	472	\r
	473	\r
	474	/**\r
	475	Display the forbid load device path list (mAccessInfo.LoadForbid).\r
	476	\r
	477	**/\r
478	VOID\r
479	DisplayLoadForbid (\r
480	VOID\r
481	)\r
482	{\r
483	UINTN Offset;\r
484	UINTN DPSize;\r
485	UINTN Index;\r
486	EFI_DEVICE_PATH_PROTOCOL *Dp;\r
487	VOID *StartOpCodeHandle;\r
488	VOID *EndOpCodeHandle;\r
489	EFI_IFR_GUID_LABEL *StartLabel;\r
490	EFI_IFR_GUID_LABEL *EndLabel;\r
491	\r
492	//\r
493	// Initialize the container for dynamic opcodes.\r
494	//\r
495	StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
496	ASSERT (StartOpCodeHandle != NULL);\r
497	\r
498	EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
499	ASSERT (EndOpCodeHandle != NULL);\r
500	\r
501	//\r
502	// Create Hii Extend Label OpCode.\r
503	//\r
504	StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
505	StartOpCodeHandle,\r
506	&gEfiIfrTianoGuid,\r
507	NULL,\r
508	sizeof (EFI_IFR_GUID_LABEL)\r
509	);\r
510	StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
511	StartLabel->Number = LABLE_FORBID_LOAD_FUNC;\r
512	\r
513	EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
514	EndOpCodeHandle,\r
515	&gEfiIfrTianoGuid,\r
516	NULL,\r
517	sizeof (EFI_IFR_GUID_LABEL)\r
518	);\r
519	EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
520	EndLabel->Number = LABEL_END;\r
521	\r
522	//\r
523	// Add each forbid load drivers.\r
524	//\r
525	Offset = 0;\r
526	Index = 0;\r
527	while (Offset < mAccessInfo.LoadForbidLen) {\r
528	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);\r
529	DPSize = GetDevicePathSize (Dp);\r
530	AddDevicePath (\r
531	KEY_MODIFY_USER \| KEY_MODIFY_AP_DP \| KEY_LOAD_FORBID_MODIFY \| Index,\r
532	Dp,\r
533	StartOpCodeHandle\r
534	);\r
535	Index++;\r
536	Offset += DPSize;\r
537	}\r
538	\r
539	HiiUpdateForm (\r
540	mCallbackInfo->HiiHandle, // HII handle\r
541	&gUserProfileManagerGuid, // Formset GUID\r
542	FORMID_FORBID_LOAD_DP, // Form ID\r
543	StartOpCodeHandle, // Label for where to insert opcodes\r
544	EndOpCodeHandle // Replace data\r
545	);\r
546	\r
547	HiiFreeOpCodeHandle (StartOpCodeHandle);\r
548	HiiFreeOpCodeHandle (EndOpCodeHandle);\r
549	}\r
550	\r
551	\r
552	/**\r
553	Display the permit connect device path.\r
554	\r
555	**/\r
556	VOID\r
557	DisplayConnectPermit (\r
558	VOID\r
559	)\r
560	{\r
561	//\r
562	// Note: \r
563	// As no architect protocol/interface to be called in ConnectController()\r
564	// to verify the device path, just add a place holder for permitted connect\r
565	// device path.\r
566	//\r
567	}\r
568	\r
569	\r
570	/**\r
571	Display the forbid connect device path list.\r
572	\r
573	**/\r
574	VOID\r
575	DisplayConnectForbid (\r
576	VOID\r
577	)\r
578	{\r
579	//\r
580	// Note: \r
581	// As no architect protocol/interface to be called in ConnectController()\r
582	// to verify the device path, just add a place holder for forbidden connect\r
583	// device path.\r
584	//\r
585	}\r
586	\r
587	\r
588	/**\r
589	Delete the specified device path by DriverIndex from the forbid device path \r
590	list (mAccessInfo.LoadForbid).\r
591	\r
592	@param[in] DriverIndex The index of driver in forbidden device path list.\r
593	\r
594	**/\r
595	VOID\r
596	DeleteFromForbidLoad (\r
597	IN UINT16 DriverIndex\r
598	)\r
599	{\r
600	UINTN OffSet;\r
601	UINTN DPSize;\r
602	UINTN OffLen;\r
603	EFI_DEVICE_PATH_PROTOCOL *Dp;\r
604	\r
605	OffSet = 0;\r
606	//\r
607	// Find the specified device path.\r
608	//\r
609	while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {\r
610	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
611	DPSize = GetDevicePathSize (Dp);\r
612	OffSet += DPSize;\r
613	DriverIndex--;\r
614	}\r
615	\r
616	//\r
617	// Specified device path found.\r
618	//\r
619	if (DriverIndex == 0) {\r
620	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
621	DPSize = GetDevicePathSize (Dp);\r
622	OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;\r
623	if (OffLen > 0) {\r
624	CopyMem (\r
625	mAccessInfo.LoadForbid + OffSet, \r
626	mAccessInfo.LoadForbid + OffSet + DPSize, \r
627	OffLen\r
628	);\r
629	}\r
630	mAccessInfo.LoadForbidLen -= DPSize;\r
631	}\r
632	}\r
633	\r
634	\r
635	/**\r
636	Add the specified device path by DriverIndex to the forbid device path \r
637	list (mAccessInfo.LoadForbid).\r
638	\r
639	@param[in] DriverIndex The index of driver saved in driver options.\r
640	\r
641	**/\r
642	VOID\r
643	AddToForbidLoad (\r
644	IN UINT16 DriverIndex\r
645	)\r
646	{\r
647	UINTN DevicePathLen;\r
648	UINT8 *Var;\r
649	UINT8 *VarPtr;\r
650	UINTN NewLen;\r
651	UINT8 *NewFL;\r
652	CHAR16 VarName[13];\r
653	\r
654	//\r
655	// Get loadable driver device path.\r
656	//\r
657	UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);\r
bf4a3dbd	658	GetEfiGlobalVariable2 (VarName, &Var, NULL);\r
0c5b25f0	659	if (Var == NULL) {\r
	660	return;\r
	661	}\r
	662	\r
	663	//\r
	664	// Save forbid load driver.\r
	665	//\r
	666	\r
	667	VarPtr = Var;\r
	668	//\r
	669	// Skip attribute.\r
	670	//\r
	671	VarPtr += sizeof (UINT32);\r
	672	\r
	673	DevicePathLen = (UINT16 ) VarPtr;\r
	674	//\r
	675	// Skip device path length.\r
	676	//\r
	677	VarPtr += sizeof (UINT16);\r
	678	\r
	679	//\r
	680	// Skip description string.\r
	681	//\r
	682	VarPtr += StrSize ((UINT16 *) VarPtr);\r
	683	\r
	684	NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;\r
	685	NewFL = AllocateZeroPool (NewLen);\r
	686	if (NewFL == NULL) {\r
	687	FreePool (Var);\r
	688	return ;\r
	689	}\r
	690	\r
	691	if (mAccessInfo.LoadForbidLen > 0) {\r
	692	CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
	693	FreePool (mAccessInfo.LoadForbid);\r
	694	}\r
	695	\r
	696	CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);\r
	697	mAccessInfo.LoadForbidLen = NewLen;\r
	698	mAccessInfo.LoadForbid = NewFL;\r
	699	FreePool (Var);\r
	700	}\r
	701	\r
	702	\r