[mirror_edk2.git] / SecurityPkg / UserIdentification / UserProfileManagerDxe / ModifyAccessPolicy.c

/** @file\r
  The functions for access policy modification.\r
\r
Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
This program and the accompanying materials\r
are licensed and made available under the terms and conditions of the BSD License\r
which accompanies this distribution.  The full text of the license may be found at\r
http://opensource.org/licenses/bsd-license.php\r
\r
THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
\r
**/\r
\r
#include "UserProfileManager.h"\r
\r
/**\r
  Collect all the access policy data to mUserInfo.AccessPolicy,\r
  and save it to user profile.\r
\r
**/\r
VOID\r
SaveAccessPolicy (\r
  VOID\r
  )\r
{\r
  EFI_STATUS                    Status;\r
  UINTN                         OffSet;\r
  UINTN                         Size;\r
  EFI_USER_INFO_ACCESS_CONTROL  Control;\r
  EFI_USER_INFO_HANDLE          UserInfo;\r
  EFI_USER_INFO                 *Info;\r
\r
  if (mUserInfo.AccessPolicy != NULL) {\r
    FreePool (mUserInfo.AccessPolicy);\r
  }\r
  mUserInfo.AccessPolicy          = NULL;\r
  mUserInfo.AccessPolicyLen       = 0;\r
  mUserInfo.AccessPolicyModified  = TRUE;\r
  OffSet                          = 0;\r
\r
  //\r
  // Save access right.\r
  //\r
  Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);\r
  if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
    ExpandMemory (OffSet, Size);\r
  }\r
\r
  Control.Type = mAccessInfo.AccessRight;\r
  Control.Size = (UINT32) Size;\r
  CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
  OffSet += sizeof (Control);\r
\r
  //\r
  // Save access setup.\r
  //\r
  Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);\r
  if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
    ExpandMemory (OffSet, Size);\r
  }\r
\r
  Control.Type = EFI_USER_INFO_ACCESS_SETUP;\r
  Control.Size = (UINT32) Size;\r
  CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
  OffSet += sizeof (Control);\r
\r
  if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {\r
    CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);\r
  } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {\r
    CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);\r
  } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {\r
    CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);\r
  }\r
  OffSet += sizeof (EFI_GUID);\r
\r
  //\r
  // Save access of boot order.\r
  //\r
  Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);\r
  if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
    ExpandMemory (OffSet, Size);\r
  }\r
\r
  Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;\r
  Control.Size = (UINT32) Size;\r
  CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
  OffSet += sizeof (Control);\r
\r
  CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));\r
  OffSet += sizeof (UINT32);\r
\r
  //\r
  // Save permit load.\r
  //\r
  if (mAccessInfo.LoadPermitLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;\r
    Control.Size = (UINT32) Size;\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);\r
    OffSet += mAccessInfo.LoadPermitLen;\r
  }\r
\r
  //\r
  // Save forbid load.\r
  //\r
  if (mAccessInfo.LoadForbidLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;\r
    Control.Size = (UINT32) Size;\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
    OffSet += mAccessInfo.LoadForbidLen;\r
  }\r
\r
  //\r
  // Save permit connect.\r
  //\r
  if (mAccessInfo.ConnectPermitLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;\r
    Control.Size = (UINT32) Size;\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);\r
    OffSet += mAccessInfo.ConnectPermitLen;\r
  }\r
\r
  //\r
  // Save forbid connect.\r
  //\r
  if (mAccessInfo.ConnectForbidLen > 0) {\r
    Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;\r
    if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
      ExpandMemory (OffSet, Size);\r
    }\r
\r
    Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;\r
    Control.Size = (UINT32) Size;\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
    OffSet += sizeof (Control);\r
\r
    CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);\r
    OffSet += mAccessInfo.ConnectForbidLen;\r
  }\r
\r
  mUserInfo.AccessPolicyLen = OffSet;\r
\r
  //\r
  // Save access policy.\r
  //\r
  if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {\r
    Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
    if (Info == NULL) {\r
      return ;\r
    }\r
\r
    Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);\r
    if (!EFI_ERROR (Status)) {\r
      Info->InfoType    = EFI_USER_INFO_ACCESS_POLICY_RECORD;\r
      Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |\r
                          EFI_USER_INFO_PUBLIC |\r
                          EFI_USER_INFO_EXCLUSIVE;\r
      Info->InfoSize    = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
      CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);\r
      Status = mUserManager->SetInfo (\r
                               mUserManager,\r
                               mModifyUser,\r
                               &UserInfo,\r
                               Info,\r
                               Info->InfoSize\r
                               );\r
      mUserInfo.AccessPolicyModified = FALSE;\r
    }\r
    FreePool (Info);\r
  }\r
\r
  if (mAccessInfo.ConnectForbid != NULL) {\r
    FreePool (mAccessInfo.ConnectForbid);\r
    mAccessInfo.ConnectForbid = NULL;\r
  }\r
\r
  if (mAccessInfo.ConnectPermit != NULL) {\r
    FreePool (mAccessInfo.ConnectPermit);\r
    mAccessInfo.ConnectPermit = NULL;\r
  }\r
\r
  if (mAccessInfo.LoadForbid != NULL) {\r
    FreePool (mAccessInfo.LoadForbid);\r
    mAccessInfo.LoadForbid = NULL;\r
  }\r
\r
  if (mAccessInfo.LoadPermit != NULL) {\r
    FreePool (mAccessInfo.LoadPermit);\r
    mAccessInfo.LoadPermit = NULL;\r
  }\r
}\r
\r
/**\r
  Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.\r
\r
  @param[in]  QuestionID            The question ID.\r
  @param[in]  DevicePath            Points to device path.\r
  @param[in]  OpCodeHandle          Points to container for dynamic created opcodes.\r
\r
**/\r
VOID\r
AddDevicePath (\r
  IN  UINTN                                     QuestionID,\r
  IN  EFI_DEVICE_PATH_PROTOCOL                  *DevicePath,\r
  IN     VOID                                   *OpCodeHandle\r
  )\r
{\r
  EFI_DEVICE_PATH_PROTOCOL          *Next;\r
  EFI_STRING_ID                     NameID;\r
  EFI_STRING                        DriverName;\r
\r
  //\r
  // Get driver file name node.\r
  //\r
  Next = DevicePath;\r
  while (!IsDevicePathEnd (Next)) {\r
    DevicePath  = Next;\r
    Next        = NextDevicePathNode (Next);\r
  }\r
\r
  //\r
  // Display the device path in form.\r
  //\r
  DriverName = ConvertDevicePathToText (DevicePath, FALSE, FALSE);\r
  NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);\r
  FreePool (DriverName);\r
  if (NameID == 0) {\r
    return ;\r
  }\r
\r
  HiiCreateActionOpCode (\r
    OpCodeHandle,                   // Container for dynamic created opcodes\r
    (UINT16) QuestionID,            // Question ID\r
    NameID,                         // Prompt text\r
    STRING_TOKEN (STR_NULL_STRING), // Help text\r
    EFI_IFR_FLAG_CALLBACK,          // Question flag\r
    0                               // Action String ID\r
    );\r
}\r
\r
\r
/**\r
  Check whether the DevicePath is in the device path forbid list\r
  (mAccessInfo.LoadForbid).\r
\r
  @param[in]  DevicePath           Points to device path.\r
\r
  @retval TRUE     The DevicePath is in the device path forbid list.\r
  @retval FALSE    The DevicePath is not in the device path forbid list.\r
\r
**/\r
BOOLEAN\r
IsLoadForbidden (\r
  IN  EFI_DEVICE_PATH_PROTOCOL                  *DevicePath\r
  )\r
{\r
  UINTN                     OffSet;\r
  UINTN                     DPSize;\r
  UINTN                     Size;\r
  EFI_DEVICE_PATH_PROTOCOL  *Dp;\r
\r
  OffSet = 0;\r
  Size   = GetDevicePathSize (DevicePath);\r
  //\r
  // Check each device path.\r
  //\r
  while (OffSet < mAccessInfo.LoadForbidLen) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
    DPSize  = GetDevicePathSize (Dp);\r
    //\r
    // Compare device path.\r
    //\r
    if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {\r
      return TRUE;\r
    }\r
    OffSet += DPSize;\r
  }\r
  return FALSE;\r
}\r
\r
\r
/**\r
  Display the permit load device path in the loadable device path list.\r
\r
**/\r
VOID\r
DisplayLoadPermit(\r
  VOID\r
  )\r
{\r
  EFI_STATUS          Status;\r
  CHAR16              *Order;\r
  UINTN               OrderSize;\r
  UINTN               ListCount;\r
  UINTN               Index;\r
  UINT8               *Var;\r
  UINT8               *VarPtr;\r
  CHAR16              VarName[12];\r
  VOID                *StartOpCodeHandle;\r
  VOID                *EndOpCodeHandle;\r
  EFI_IFR_GUID_LABEL  *StartLabel;\r
  EFI_IFR_GUID_LABEL  *EndLabel;\r
\r
  //\r
  // Get DriverOrder.\r
  //\r
  OrderSize = 0;\r
  Status    = gRT->GetVariable (\r
                     L"DriverOrder",\r
                     &gEfiGlobalVariableGuid,\r
                     NULL,\r
                     &OrderSize,\r
                     NULL\r
                     );\r
  if (Status != EFI_BUFFER_TOO_SMALL) {\r
    return ;\r
  }\r
\r
  Order = AllocateZeroPool (OrderSize);\r
  if (Order == NULL) {\r
    return ;\r
  }\r
\r
  Status = gRT->GetVariable (\r
                  L"DriverOrder",\r
                  &gEfiGlobalVariableGuid,\r
                  NULL,\r
                  &OrderSize,\r
                  Order\r
                  );\r
  if (EFI_ERROR (Status)) {\r
    return ;\r
  }\r
\r
  //\r
  // Initialize the container for dynamic opcodes.\r
  //\r
  StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (StartOpCodeHandle != NULL);\r
\r
  EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (EndOpCodeHandle != NULL);\r
\r
  //\r
  // Create Hii Extend Label OpCode.\r
  //\r
  StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                        StartOpCodeHandle,\r
                                        &gEfiIfrTianoGuid,\r
                                        NULL,\r
                                        sizeof (EFI_IFR_GUID_LABEL)\r
                                        );\r
  StartLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  StartLabel->Number        = LABEL_PERMIT_LOAD_FUNC;\r
\r
  EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                      EndOpCodeHandle,\r
                                      &gEfiIfrTianoGuid,\r
                                      NULL,\r
                                      sizeof (EFI_IFR_GUID_LABEL)\r
                                      );\r
  EndLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  EndLabel->Number        = LABEL_END;\r
\r
  //\r
  // Add each driver option.\r
  //\r
  Var       = NULL;\r
  ListCount = OrderSize / sizeof (UINT16);\r
  for (Index = 0; Index < ListCount; Index++) {\r
    //\r
    // Get driver device path.\r
    //\r
    UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);\r
    GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);\r
    if (Var == NULL) {\r
      continue;\r
    }\r
\r
    //\r
    // Check whether the driver is already forbidden.\r
    //\r
\r
    VarPtr = Var;\r
    //\r
    // Skip attribute.\r
    //\r
    VarPtr += sizeof (UINT32);\r
\r
    //\r
    // Skip device path lenth.\r
    //\r
    VarPtr += sizeof (UINT16);\r
\r
    //\r
    // Skip descript string.\r
    //\r
    VarPtr += StrSize ((UINT16 *) VarPtr);\r
\r
    if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {\r
      FreePool (Var);\r
      Var = NULL;\r
      continue;\r
    }\r
\r
    AddDevicePath (\r
      KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index],\r
      (EFI_DEVICE_PATH_PROTOCOL *) VarPtr,\r
      StartOpCodeHandle\r
      );\r
    FreePool (Var);\r
    Var = NULL;\r
  }\r
\r
  HiiUpdateForm (\r
    mCallbackInfo->HiiHandle, // HII handle\r
    &gUserProfileManagerGuid, // Formset GUID\r
    FORMID_PERMIT_LOAD_DP,    // Form ID\r
    StartOpCodeHandle,        // Label for where to insert opcodes\r
    EndOpCodeHandle           // Replace data\r
    );\r
\r
  HiiFreeOpCodeHandle (StartOpCodeHandle);\r
  HiiFreeOpCodeHandle (EndOpCodeHandle);\r
\r
  //\r
  // Clear Environment.\r
  //\r
  if (Var != NULL) {\r
    FreePool (Var);\r
  }\r
  FreePool (Order);\r
}\r
\r
\r
/**\r
  Display the forbid load device path list (mAccessInfo.LoadForbid).\r
\r
**/\r
VOID\r
DisplayLoadForbid (\r
  VOID\r
  )\r
{\r
  UINTN                     Offset;\r
  UINTN                     DPSize;\r
  UINTN                     Index;\r
  EFI_DEVICE_PATH_PROTOCOL  *Dp;\r
  VOID                      *StartOpCodeHandle;\r
  VOID                      *EndOpCodeHandle;\r
  EFI_IFR_GUID_LABEL        *StartLabel;\r
  EFI_IFR_GUID_LABEL        *EndLabel;\r
\r
  //\r
  // Initialize the container for dynamic opcodes.\r
  //\r
  StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (StartOpCodeHandle != NULL);\r
\r
  EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
  ASSERT (EndOpCodeHandle != NULL);\r
\r
  //\r
  // Create Hii Extend Label OpCode.\r
  //\r
  StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                        StartOpCodeHandle,\r
                                        &gEfiIfrTianoGuid,\r
                                        NULL,\r
                                        sizeof (EFI_IFR_GUID_LABEL)\r
                                        );\r
  StartLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  StartLabel->Number        = LABLE_FORBID_LOAD_FUNC;\r
\r
  EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
                                      EndOpCodeHandle,\r
                                      &gEfiIfrTianoGuid,\r
                                      NULL,\r
                                      sizeof (EFI_IFR_GUID_LABEL)\r
                                      );\r
  EndLabel->ExtendOpCode  = EFI_IFR_EXTEND_OP_LABEL;\r
  EndLabel->Number        = LABEL_END;\r
\r
  //\r
  // Add each forbid load drivers.\r
  //\r
  Offset  = 0;\r
  Index   = 0;\r
  while (Offset < mAccessInfo.LoadForbidLen) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);\r
    DPSize  = GetDevicePathSize (Dp);\r
    AddDevicePath (\r
      KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index,\r
      Dp,\r
      StartOpCodeHandle\r
      );\r
    Index++;\r
    Offset += DPSize;\r
  }\r
\r
  HiiUpdateForm (\r
    mCallbackInfo->HiiHandle, // HII handle\r
    &gUserProfileManagerGuid, // Formset GUID\r
    FORMID_FORBID_LOAD_DP,    // Form ID\r
    StartOpCodeHandle,        // Label for where to insert opcodes\r
    EndOpCodeHandle           // Replace data\r
    );\r
\r
  HiiFreeOpCodeHandle (StartOpCodeHandle);\r
  HiiFreeOpCodeHandle (EndOpCodeHandle);\r
}\r
\r
\r
/**\r
  Display the permit connect device path.\r
\r
**/\r
VOID\r
DisplayConnectPermit (\r
  VOID\r
  )\r
{\r
  //\r
  // Note:\r
  // As no architect protocol/interface to be called in ConnectController()\r
  // to verify the device path, just add a place holder for permitted connect\r
  // device path.\r
  //\r
}\r
\r
\r
/**\r
  Display the forbid connect device path list.\r
\r
**/\r
VOID\r
DisplayConnectForbid (\r
  VOID\r
  )\r
{\r
  //\r
  // Note:\r
  // As no architect protocol/interface to be called in ConnectController()\r
  // to verify the device path, just add a place holder for forbidden connect\r
  // device path.\r
  //\r
}\r
\r
\r
/**\r
  Delete the specified device path by DriverIndex from the forbid device path\r
  list (mAccessInfo.LoadForbid).\r
\r
  @param[in]  DriverIndex   The index of driver in forbidden device path list.\r
\r
**/\r
VOID\r
DeleteFromForbidLoad (\r
  IN  UINT16                                    DriverIndex\r
  )\r
{\r
  UINTN                     OffSet;\r
  UINTN                     DPSize;\r
  UINTN                     OffLen;\r
  EFI_DEVICE_PATH_PROTOCOL  *Dp;\r
\r
  OffSet = 0;\r
  //\r
  // Find the specified device path.\r
  //\r
  while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
    DPSize  = GetDevicePathSize (Dp);\r
    OffSet += DPSize;\r
    DriverIndex--;\r
  }\r
\r
  //\r
  // Specified device path found.\r
  //\r
  if (DriverIndex == 0) {\r
    Dp      = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
    DPSize  = GetDevicePathSize (Dp);\r
    OffLen  = mAccessInfo.LoadForbidLen - OffSet - DPSize;\r
    if (OffLen > 0) {\r
      CopyMem (\r
        mAccessInfo.LoadForbid + OffSet,\r
        mAccessInfo.LoadForbid + OffSet + DPSize,\r
        OffLen\r
        );\r
    }\r
    mAccessInfo.LoadForbidLen -= DPSize;\r
  }\r
}\r
\r
\r
/**\r
  Add the specified device path by DriverIndex to the forbid device path\r
  list (mAccessInfo.LoadForbid).\r
\r
  @param[in]  DriverIndex   The index of driver saved in driver options.\r
\r
**/\r
VOID\r
AddToForbidLoad (\r
  IN  UINT16                                    DriverIndex\r
  )\r
{\r
  UINTN       DevicePathLen;\r
  UINT8       *Var;\r
  UINT8       *VarPtr;\r
  UINTN       NewLen;\r
  UINT8       *NewFL;\r
  CHAR16      VarName[13];\r
\r
  //\r
  // Get loadable driver device path.\r
  //\r
  UnicodeSPrint  (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);\r
  GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);\r
  if (Var == NULL) {\r
    return;\r
  }\r
\r
  //\r
  // Save forbid load driver.\r
  //\r
\r
  VarPtr = Var;\r
  //\r
  // Skip attribute.\r
  //\r
  VarPtr += sizeof (UINT32);\r
\r
  DevicePathLen = *(UINT16 *) VarPtr;\r
  //\r
  // Skip device path length.\r
  //\r
  VarPtr += sizeof (UINT16);\r
\r
  //\r
  // Skip description string.\r
  //\r
  VarPtr += StrSize ((UINT16 *) VarPtr);\r
\r
  NewLen  = mAccessInfo.LoadForbidLen + DevicePathLen;\r
  NewFL   = AllocateZeroPool (NewLen);\r
  if (NewFL == NULL) {\r
    FreePool (Var);\r
    return ;\r
  }\r
\r
  if (mAccessInfo.LoadForbidLen > 0) {\r
    CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
    FreePool (mAccessInfo.LoadForbid);\r
  }\r
\r
  CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);\r
  mAccessInfo.LoadForbidLen = NewLen;\r
  mAccessInfo.LoadForbid    = NewFL;\r
  FreePool (Var);\r
}\r
\r
\r
Commit	Line	Data
0c5b25f0	1	/** @file\r
0c5b25f0	2	The functions for access policy modification.\r
b3548d32 LG	3	\r
	4	Copyright (c) 2009 - 2018, Intel Corporation. All rights reserved.<BR>\r
	5	This program and the accompanying materials\r
	6	are licensed and made available under the terms and conditions of the BSD License\r
	7	which accompanies this distribution. The full text of the license may be found at\r
0c5b25f0	8	http://opensource.org/licenses/bsd-license.php\r
0c5b25f0	9	\r
b3548d32	10	THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,\r
0c5b25f0	11	WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.\r
	12	\r
	13	**/\r
	14	\r
	15	#include "UserProfileManager.h"\r
	16	\r
	17	/**\r
b3548d32	18	Collect all the access policy data to mUserInfo.AccessPolicy,\r
0c5b25f0	19	and save it to user profile.\r
	20	\r
	21	**/\r
	22	VOID\r
	23	SaveAccessPolicy (\r
	24	VOID\r
	25	)\r
	26	{\r
	27	EFI_STATUS Status;\r
	28	UINTN OffSet;\r
	29	UINTN Size;\r
	30	EFI_USER_INFO_ACCESS_CONTROL Control;\r
	31	EFI_USER_INFO_HANDLE UserInfo;\r
	32	EFI_USER_INFO *Info;\r
	33	\r
	34	if (mUserInfo.AccessPolicy != NULL) {\r
	35	FreePool (mUserInfo.AccessPolicy);\r
	36	}\r
	37	mUserInfo.AccessPolicy = NULL;\r
	38	mUserInfo.AccessPolicyLen = 0;\r
	39	mUserInfo.AccessPolicyModified = TRUE;\r
	40	OffSet = 0;\r
b3548d32	41	\r
0c5b25f0	42	//\r
	43	// Save access right.\r
	44	//\r
	45	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);\r
	46	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	47	ExpandMemory (OffSet, Size);\r
	48	}\r
	49	\r
	50	Control.Type = mAccessInfo.AccessRight;\r
	51	Control.Size = (UINT32) Size;\r
	52	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
	53	OffSet += sizeof (Control);\r
b3548d32	54	\r
0c5b25f0	55	//\r
	56	// Save access setup.\r
	57	//\r
	58	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);\r
	59	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	60	ExpandMemory (OffSet, Size);\r
	61	}\r
	62	\r
	63	Control.Type = EFI_USER_INFO_ACCESS_SETUP;\r
b3548d32	64	Control.Size = (UINT32) Size;\r
0c5b25f0	65	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
0c5b25f0	66	OffSet += sizeof (Control);\r
b3548d32	67	\r
0c5b25f0	68	if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {\r
	69	CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);\r
	70	} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {\r
	71	CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);\r
	72	} else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {\r
	73	CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);\r
	74	}\r
	75	OffSet += sizeof (EFI_GUID);\r
b3548d32	76	\r
0c5b25f0	77	//\r
	78	// Save access of boot order.\r
	79	//\r
	80	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);\r
	81	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	82	ExpandMemory (OffSet, Size);\r
	83	}\r
	84	\r
	85	Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;\r
b3548d32	86	Control.Size = (UINT32) Size;\r
0c5b25f0	87	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
	88	OffSet += sizeof (Control);\r
	89	\r
	90	CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));\r
	91	OffSet += sizeof (UINT32);\r
b3548d32	92	\r
0c5b25f0	93	//\r
	94	// Save permit load.\r
	95	//\r
	96	if (mAccessInfo.LoadPermitLen > 0) {\r
	97	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;\r
	98	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	99	ExpandMemory (OffSet, Size);\r
	100	}\r
	101	\r
	102	Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;\r
b3548d32	103	Control.Size = (UINT32) Size;\r
0c5b25f0	104	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
0c5b25f0	105	OffSet += sizeof (Control);\r
b3548d32	106	\r
0c5b25f0	107	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);\r
	108	OffSet += mAccessInfo.LoadPermitLen;\r
	109	}\r
b3548d32	110	\r
0c5b25f0	111	//\r
	112	// Save forbid load.\r
	113	//\r
	114	if (mAccessInfo.LoadForbidLen > 0) {\r
	115	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;\r
	116	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	117	ExpandMemory (OffSet, Size);\r
	118	}\r
	119	\r
	120	Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;\r
b3548d32	121	Control.Size = (UINT32) Size;\r
0c5b25f0	122	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
0c5b25f0	123	OffSet += sizeof (Control);\r
b3548d32	124	\r
0c5b25f0	125	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
	126	OffSet += mAccessInfo.LoadForbidLen;\r
	127	}\r
b3548d32	128	\r
0c5b25f0	129	//\r
	130	// Save permit connect.\r
	131	//\r
	132	if (mAccessInfo.ConnectPermitLen > 0) {\r
	133	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;\r
	134	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	135	ExpandMemory (OffSet, Size);\r
	136	}\r
	137	\r
	138	Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;\r
b3548d32	139	Control.Size = (UINT32) Size;\r
0c5b25f0	140	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
0c5b25f0	141	OffSet += sizeof (Control);\r
b3548d32	142	\r
0c5b25f0	143	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);\r
	144	OffSet += mAccessInfo.ConnectPermitLen;\r
	145	}\r
b3548d32	146	\r
0c5b25f0	147	//\r
	148	// Save forbid connect.\r
	149	//\r
	150	if (mAccessInfo.ConnectForbidLen > 0) {\r
	151	Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;\r
	152	if (mUserInfo.AccessPolicyLen - OffSet < Size) {\r
	153	ExpandMemory (OffSet, Size);\r
	154	}\r
	155	\r
	156	Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;\r
b3548d32	157	Control.Size = (UINT32) Size;\r
0c5b25f0	158	CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));\r
0c5b25f0	159	OffSet += sizeof (Control);\r
b3548d32	160	\r
0c5b25f0	161	CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);\r
	162	OffSet += mAccessInfo.ConnectForbidLen;\r
	163	}\r
	164	\r
	165	mUserInfo.AccessPolicyLen = OffSet;\r
	166	\r
	167	//\r
	168	// Save access policy.\r
	169	//\r
44a957c6	170	if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {\r
0c5b25f0	171	Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
	172	if (Info == NULL) {\r
	173	return ;\r
	174	}\r
	175	\r
	176	Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);\r
	177	if (!EFI_ERROR (Status)) {\r
	178	Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;\r
	179	Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV \|\r
	180	EFI_USER_INFO_PUBLIC \|\r
	181	EFI_USER_INFO_EXCLUSIVE;\r
	182	Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);\r
	183	CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);\r
	184	Status = mUserManager->SetInfo (\r
	185	mUserManager,\r
	186	mModifyUser,\r
	187	&UserInfo,\r
	188	Info,\r
	189	Info->InfoSize\r
	190	);\r
	191	mUserInfo.AccessPolicyModified = FALSE;\r
	192	}\r
	193	FreePool (Info);\r
	194	}\r
	195	\r
	196	if (mAccessInfo.ConnectForbid != NULL) {\r
	197	FreePool (mAccessInfo.ConnectForbid);\r
	198	mAccessInfo.ConnectForbid = NULL;\r
	199	}\r
	200	\r
	201	if (mAccessInfo.ConnectPermit != NULL) {\r
	202	FreePool (mAccessInfo.ConnectPermit);\r
	203	mAccessInfo.ConnectPermit = NULL;\r
	204	}\r
	205	\r
	206	if (mAccessInfo.LoadForbid != NULL) {\r
	207	FreePool (mAccessInfo.LoadForbid);\r
	208	mAccessInfo.LoadForbid = NULL;\r
	209	}\r
	210	\r
	211	if (mAccessInfo.LoadPermit != NULL) {\r
	212	FreePool (mAccessInfo.LoadPermit);\r
	213	mAccessInfo.LoadPermit = NULL;\r
	214	}\r
	215	}\r
	216	\r
	217	/**\r
	218	Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.\r
	219	\r
	220	@param[in] QuestionID The question ID.\r
	221	@param[in] DevicePath Points to device path.\r
	222	@param[in] OpCodeHandle Points to container for dynamic created opcodes.\r
	223	\r
	224	**/\r
	225	VOID\r
	226	AddDevicePath (\r
	227	IN UINTN QuestionID,\r
	228	IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,\r
	229	IN VOID *OpCodeHandle\r
	230	)\r
	231	{\r
0c5b25f0	232	EFI_DEVICE_PATH_PROTOCOL *Next;\r
	233	EFI_STRING_ID NameID;\r
	234	EFI_STRING DriverName;\r
0c5b25f0	235	\r
0c5b25f0	236	//\r
	237	// Get driver file name node.\r
	238	//\r
	239	Next = DevicePath;\r
	240	while (!IsDevicePathEnd (Next)) {\r
	241	DevicePath = Next;\r
	242	Next = NextDevicePathNode (Next);\r
	243	}\r
	244	\r
	245	//\r
	246	// Display the device path in form.\r
	247	//\r
863986b3	248	DriverName = ConvertDevicePathToText (DevicePath, FALSE, FALSE);\r
0c5b25f0	249	NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);\r
	250	FreePool (DriverName);\r
	251	if (NameID == 0) {\r
	252	return ;\r
	253	}\r
	254	\r
	255	HiiCreateActionOpCode (\r
	256	OpCodeHandle, // Container for dynamic created opcodes\r
	257	(UINT16) QuestionID, // Question ID\r
	258	NameID, // Prompt text\r
	259	STRING_TOKEN (STR_NULL_STRING), // Help text\r
	260	EFI_IFR_FLAG_CALLBACK, // Question flag\r
	261	0 // Action String ID\r
	262	);\r
	263	}\r
	264	\r
	265	\r
	266	/**\r
b3548d32	267	Check whether the DevicePath is in the device path forbid list\r
0c5b25f0	268	(mAccessInfo.LoadForbid).\r
	269	\r
	270	@param[in] DevicePath Points to device path.\r
b3548d32	271	\r
0c5b25f0	272	@retval TRUE The DevicePath is in the device path forbid list.\r
	273	@retval FALSE The DevicePath is not in the device path forbid list.\r
	274	\r
	275	**/\r
	276	BOOLEAN\r
	277	IsLoadForbidden (\r
	278	IN EFI_DEVICE_PATH_PROTOCOL *DevicePath\r
	279	)\r
	280	{\r
	281	UINTN OffSet;\r
	282	UINTN DPSize;\r
	283	UINTN Size;\r
	284	EFI_DEVICE_PATH_PROTOCOL *Dp;\r
	285	\r
	286	OffSet = 0;\r
	287	Size = GetDevicePathSize (DevicePath);\r
	288	//\r
	289	// Check each device path.\r
	290	//\r
	291	while (OffSet < mAccessInfo.LoadForbidLen) {\r
	292	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
	293	DPSize = GetDevicePathSize (Dp);\r
	294	//\r
	295	// Compare device path.\r
	296	//\r
	297	if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {\r
	298	return TRUE;\r
	299	}\r
	300	OffSet += DPSize;\r
	301	}\r
	302	return FALSE;\r
	303	}\r
	304	\r
	305	\r
	306	/**\r
	307	Display the permit load device path in the loadable device path list.\r
	308	\r
	309	**/\r
	310	VOID\r
	311	DisplayLoadPermit(\r
	312	VOID\r
	313	)\r
	314	{\r
	315	EFI_STATUS Status;\r
	316	CHAR16 *Order;\r
	317	UINTN OrderSize;\r
	318	UINTN ListCount;\r
	319	UINTN Index;\r
	320	UINT8 *Var;\r
	321	UINT8 *VarPtr;\r
	322	CHAR16 VarName[12];\r
	323	VOID *StartOpCodeHandle;\r
	324	VOID *EndOpCodeHandle;\r
	325	EFI_IFR_GUID_LABEL *StartLabel;\r
	326	EFI_IFR_GUID_LABEL *EndLabel;\r
	327	\r
	328	//\r
	329	// Get DriverOrder.\r
	330	//\r
	331	OrderSize = 0;\r
	332	Status = gRT->GetVariable (\r
b3548d32 LG	333	L"DriverOrder",\r
	334	&gEfiGlobalVariableGuid,\r
	335	NULL,\r
	336	&OrderSize,\r
0c5b25f0	337	NULL\r
	338	);\r
	339	if (Status != EFI_BUFFER_TOO_SMALL) {\r
	340	return ;\r
	341	}\r
	342	\r
	343	Order = AllocateZeroPool (OrderSize);\r
	344	if (Order == NULL) {\r
	345	return ;\r
	346	}\r
	347	\r
	348	Status = gRT->GetVariable (\r
b3548d32 LG	349	L"DriverOrder",\r
	350	&gEfiGlobalVariableGuid,\r
	351	NULL,\r
	352	&OrderSize,\r
0c5b25f0	353	Order\r
	354	);\r
	355	if (EFI_ERROR (Status)) {\r
	356	return ;\r
	357	}\r
b3548d32	358	\r
0c5b25f0	359	//\r
	360	// Initialize the container for dynamic opcodes.\r
	361	//\r
	362	StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
	363	ASSERT (StartOpCodeHandle != NULL);\r
	364	\r
	365	EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
	366	ASSERT (EndOpCodeHandle != NULL);\r
	367	\r
	368	//\r
	369	// Create Hii Extend Label OpCode.\r
	370	//\r
	371	StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
	372	StartOpCodeHandle,\r
	373	&gEfiIfrTianoGuid,\r
	374	NULL,\r
	375	sizeof (EFI_IFR_GUID_LABEL)\r
	376	);\r
	377	StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
	378	StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;\r
	379	\r
	380	EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
	381	EndOpCodeHandle,\r
	382	&gEfiIfrTianoGuid,\r
	383	NULL,\r
	384	sizeof (EFI_IFR_GUID_LABEL)\r
	385	);\r
	386	EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
	387	EndLabel->Number = LABEL_END;\r
	388	\r
	389	//\r
	390	// Add each driver option.\r
	391	//\r
	392	Var = NULL;\r
	393	ListCount = OrderSize / sizeof (UINT16);\r
	394	for (Index = 0; Index < ListCount; Index++) {\r
	395	//\r
	396	// Get driver device path.\r
	397	//\r
	398	UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);\r
f01b91ae	399	GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);\r
0c5b25f0	400	if (Var == NULL) {\r
	401	continue;\r
	402	}\r
b3548d32	403	\r
0c5b25f0	404	//\r
	405	// Check whether the driver is already forbidden.\r
	406	//\r
b3548d32	407	\r
0c5b25f0	408	VarPtr = Var;\r
	409	//\r
	410	// Skip attribute.\r
	411	//\r
	412	VarPtr += sizeof (UINT32);\r
	413	\r
	414	//\r
	415	// Skip device path lenth.\r
	416	//\r
	417	VarPtr += sizeof (UINT16);\r
	418	\r
	419	//\r
	420	// Skip descript string.\r
	421	//\r
	422	VarPtr += StrSize ((UINT16 *) VarPtr);\r
	423	\r
	424	if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {\r
	425	FreePool (Var);\r
	426	Var = NULL;\r
	427	continue;\r
	428	}\r
	429	\r
	430	AddDevicePath (\r
	431	KEY_MODIFY_USER \| KEY_MODIFY_AP_DP \| KEY_LOAD_PERMIT_MODIFY \| Order[Index],\r
	432	(EFI_DEVICE_PATH_PROTOCOL *) VarPtr,\r
	433	StartOpCodeHandle\r
	434	);\r
	435	FreePool (Var);\r
	436	Var = NULL;\r
	437	}\r
	438	\r
	439	HiiUpdateForm (\r
	440	mCallbackInfo->HiiHandle, // HII handle\r
	441	&gUserProfileManagerGuid, // Formset GUID\r
	442	FORMID_PERMIT_LOAD_DP, // Form ID\r
	443	StartOpCodeHandle, // Label for where to insert opcodes\r
	444	EndOpCodeHandle // Replace data\r
	445	);\r
	446	\r
	447	HiiFreeOpCodeHandle (StartOpCodeHandle);\r
	448	HiiFreeOpCodeHandle (EndOpCodeHandle);\r
	449	\r
	450	//\r
	451	// Clear Environment.\r
	452	//\r
	453	if (Var != NULL) {\r
	454	FreePool (Var);\r
	455	}\r
	456	FreePool (Order);\r
	457	}\r
	458	\r
	459	\r
	460	/**\r
	461	Display the forbid load device path list (mAccessInfo.LoadForbid).\r
	462	\r
	463	**/\r
	464	VOID\r
	465	DisplayLoadForbid (\r
	466	VOID\r
	467	)\r
	468	{\r
	469	UINTN Offset;\r
	470	UINTN DPSize;\r
	471	UINTN Index;\r
472	EFI_DEVICE_PATH_PROTOCOL *Dp;\r
473	VOID *StartOpCodeHandle;\r
474	VOID *EndOpCodeHandle;\r
475	EFI_IFR_GUID_LABEL *StartLabel;\r
476	EFI_IFR_GUID_LABEL *EndLabel;\r
477	\r
478	//\r
479	// Initialize the container for dynamic opcodes.\r
480	//\r
481	StartOpCodeHandle = HiiAllocateOpCodeHandle ();\r
482	ASSERT (StartOpCodeHandle != NULL);\r
483	\r
484	EndOpCodeHandle = HiiAllocateOpCodeHandle ();\r
485	ASSERT (EndOpCodeHandle != NULL);\r
486	\r
487	//\r
488	// Create Hii Extend Label OpCode.\r
489	//\r
490	StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
491	StartOpCodeHandle,\r
492	&gEfiIfrTianoGuid,\r
493	NULL,\r
494	sizeof (EFI_IFR_GUID_LABEL)\r
495	);\r
496	StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
497	StartLabel->Number = LABLE_FORBID_LOAD_FUNC;\r
498	\r
499	EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (\r
500	EndOpCodeHandle,\r
501	&gEfiIfrTianoGuid,\r
502	NULL,\r
503	sizeof (EFI_IFR_GUID_LABEL)\r
504	);\r
505	EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;\r
506	EndLabel->Number = LABEL_END;\r
507	\r
508	//\r
509	// Add each forbid load drivers.\r
510	//\r
511	Offset = 0;\r
512	Index = 0;\r
513	while (Offset < mAccessInfo.LoadForbidLen) {\r
514	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);\r
515	DPSize = GetDevicePathSize (Dp);\r
516	AddDevicePath (\r
517	KEY_MODIFY_USER \| KEY_MODIFY_AP_DP \| KEY_LOAD_FORBID_MODIFY \| Index,\r
518	Dp,\r
519	StartOpCodeHandle\r
520	);\r
521	Index++;\r
522	Offset += DPSize;\r
523	}\r
524	\r
525	HiiUpdateForm (\r
526	mCallbackInfo->HiiHandle, // HII handle\r
527	&gUserProfileManagerGuid, // Formset GUID\r
528	FORMID_FORBID_LOAD_DP, // Form ID\r
529	StartOpCodeHandle, // Label for where to insert opcodes\r
530	EndOpCodeHandle // Replace data\r
531	);\r
532	\r
533	HiiFreeOpCodeHandle (StartOpCodeHandle);\r
534	HiiFreeOpCodeHandle (EndOpCodeHandle);\r
535	}\r
536	\r
537	\r
538	/**\r
539	Display the permit connect device path.\r
540	\r
541	**/\r
542	VOID\r
543	DisplayConnectPermit (\r
544	VOID\r
545	)\r
546	{\r
547	//\r
b3548d32	548	// Note:\r
0c5b25f0	549	// As no architect protocol/interface to be called in ConnectController()\r
	550	// to verify the device path, just add a place holder for permitted connect\r
	551	// device path.\r
	552	//\r
	553	}\r
	554	\r
	555	\r
	556	/**\r
	557	Display the forbid connect device path list.\r
	558	\r
	559	**/\r
	560	VOID\r
	561	DisplayConnectForbid (\r
	562	VOID\r
	563	)\r
	564	{\r
	565	//\r
b3548d32	566	// Note:\r
0c5b25f0	567	// As no architect protocol/interface to be called in ConnectController()\r
	568	// to verify the device path, just add a place holder for forbidden connect\r
	569	// device path.\r
	570	//\r
	571	}\r
	572	\r
	573	\r
	574	/**\r
b3548d32	575	Delete the specified device path by DriverIndex from the forbid device path\r
0c5b25f0	576	list (mAccessInfo.LoadForbid).\r
	577	\r
	578	@param[in] DriverIndex The index of driver in forbidden device path list.\r
b3548d32	579	\r
0c5b25f0	580	**/\r
	581	VOID\r
	582	DeleteFromForbidLoad (\r
	583	IN UINT16 DriverIndex\r
	584	)\r
	585	{\r
	586	UINTN OffSet;\r
	587	UINTN DPSize;\r
	588	UINTN OffLen;\r
	589	EFI_DEVICE_PATH_PROTOCOL *Dp;\r
	590	\r
	591	OffSet = 0;\r
	592	//\r
	593	// Find the specified device path.\r
	594	//\r
	595	while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {\r
	596	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
	597	DPSize = GetDevicePathSize (Dp);\r
	598	OffSet += DPSize;\r
	599	DriverIndex--;\r
	600	}\r
b3548d32	601	\r
0c5b25f0	602	//\r
	603	// Specified device path found.\r
	604	//\r
	605	if (DriverIndex == 0) {\r
	606	Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);\r
	607	DPSize = GetDevicePathSize (Dp);\r
	608	OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;\r
	609	if (OffLen > 0) {\r
	610	CopyMem (\r
b3548d32 LG	611	mAccessInfo.LoadForbid + OffSet,\r
b3548d32 LG	612	mAccessInfo.LoadForbid + OffSet + DPSize,\r
0c5b25f0	613	OffLen\r
	614	);\r
	615	}\r
	616	mAccessInfo.LoadForbidLen -= DPSize;\r
	617	}\r
	618	}\r
	619	\r
	620	\r
	621	/**\r
b3548d32	622	Add the specified device path by DriverIndex to the forbid device path\r
0c5b25f0	623	list (mAccessInfo.LoadForbid).\r
	624	\r
	625	@param[in] DriverIndex The index of driver saved in driver options.\r
b3548d32	626	\r
0c5b25f0	627	**/\r
	628	VOID\r
	629	AddToForbidLoad (\r
	630	IN UINT16 DriverIndex\r
	631	)\r
	632	{\r
	633	UINTN DevicePathLen;\r
	634	UINT8 *Var;\r
	635	UINT8 *VarPtr;\r
	636	UINTN NewLen;\r
	637	UINT8 *NewFL;\r
	638	CHAR16 VarName[13];\r
	639	\r
	640	//\r
	641	// Get loadable driver device path.\r
	642	//\r
	643	UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);\r
f01b91ae	644	GetEfiGlobalVariable2 (VarName, (VOID**)&Var, NULL);\r
0c5b25f0	645	if (Var == NULL) {\r
	646	return;\r
	647	}\r
b3548d32	648	\r
0c5b25f0	649	//\r
	650	// Save forbid load driver.\r
	651	//\r
b3548d32	652	\r
0c5b25f0	653	VarPtr = Var;\r
	654	//\r
	655	// Skip attribute.\r
	656	//\r
	657	VarPtr += sizeof (UINT32);\r
	658	\r
	659	DevicePathLen = (UINT16 ) VarPtr;\r
	660	//\r
	661	// Skip device path length.\r
	662	//\r
	663	VarPtr += sizeof (UINT16);\r
	664	\r
	665	//\r
	666	// Skip description string.\r
	667	//\r
	668	VarPtr += StrSize ((UINT16 *) VarPtr);\r
	669	\r
	670	NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;\r
	671	NewFL = AllocateZeroPool (NewLen);\r
	672	if (NewFL == NULL) {\r
	673	FreePool (Var);\r
	674	return ;\r
	675	}\r
	676	\r
	677	if (mAccessInfo.LoadForbidLen > 0) {\r
	678	CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);\r
	679	FreePool (mAccessInfo.LoadForbid);\r
	680	}\r
	681	\r
	682	CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);\r
	683	mAccessInfo.LoadForbidLen = NewLen;\r
	684	mAccessInfo.LoadForbid = NewFL;\r
	685	FreePool (Var);\r
	686	}\r
	687	\r
	688	\r