]> git.proxmox.com Git - mirror_edk2.git/blob - SecurityPkg/UserIdentification/UserProfileManagerDxe/ModifyAccessPolicy.c
projects / mirror_edk2.git / blob
? search:


d73f77eeec970fa87adb7dde444209b3ed4c6b92
[mirror_edk2.git] / SecurityPkg / UserIdentification / UserProfileManagerDxe / ModifyAccessPolicy.c
1 /** @file
2 The functions for access policy modification.
3
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
9
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
12
13 **/
14
15 #include "UserProfileManager.h"
16
17 /**
18 Collect all the access policy data to mUserInfo.AccessPolicy,
19 and save it to user profile.
20
21 **/
22 VOID
23 SaveAccessPolicy (
24 VOID
25 )
26 {
27 EFI_STATUS Status;
28 UINTN OffSet;
29 UINTN Size;
30 EFI_USER_INFO_ACCESS_CONTROL Control;
31 EFI_USER_INFO_HANDLE UserInfo;
32 EFI_USER_INFO *Info;
33
34 if (mUserInfo.AccessPolicy != NULL) {
35 FreePool (mUserInfo.AccessPolicy);
36 }
37 mUserInfo.AccessPolicy = NULL;
38 mUserInfo.AccessPolicyLen = 0;
39 mUserInfo.AccessPolicyModified = TRUE;
40 OffSet = 0;
41
42 //
43 // Save access right.
44 //
45 Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL);
46 if (mUserInfo.AccessPolicyLen - OffSet < Size) {
47 ExpandMemory (OffSet, Size);
48 }
49
50 Control.Type = mAccessInfo.AccessRight;
51 Control.Size = (UINT32) Size;
52 CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
53 OffSet += sizeof (Control);
54
55 //
56 // Save access setup.
57 //
58 Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID);
59 if (mUserInfo.AccessPolicyLen - OffSet < Size) {
60 ExpandMemory (OffSet, Size);
61 }
62
63 Control.Type = EFI_USER_INFO_ACCESS_SETUP;
64 Control.Size = (UINT32) Size;
65 CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
66 OffSet += sizeof (Control);
67
68 if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) {
69 CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid);
70 } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) {
71 CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid);
72 } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) {
73 CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid);
74 }
75 OffSet += sizeof (EFI_GUID);
76
77 //
78 // Save access of boot order.
79 //
80 Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32);
81 if (mUserInfo.AccessPolicyLen - OffSet < Size) {
82 ExpandMemory (OffSet, Size);
83 }
84
85 Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER;
86 Control.Size = (UINT32) Size;
87 CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
88 OffSet += sizeof (Control);
89
90 CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32));
91 OffSet += sizeof (UINT32);
92
93 //
94 // Save permit load.
95 //
96 if (mAccessInfo.LoadPermitLen > 0) {
97 Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen;
98 if (mUserInfo.AccessPolicyLen - OffSet < Size) {
99 ExpandMemory (OffSet, Size);
100 }
101
102 Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD;
103 Control.Size = (UINT32) Size;
104 CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
105 OffSet += sizeof (Control);
106
107 CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen);
108 OffSet += mAccessInfo.LoadPermitLen;
109 }
110
111 //
112 // Save forbid load.
113 //
114 if (mAccessInfo.LoadForbidLen > 0) {
115 Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen;
116 if (mUserInfo.AccessPolicyLen - OffSet < Size) {
117 ExpandMemory (OffSet, Size);
118 }
119
120 Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD;
121 Control.Size = (UINT32) Size;
122 CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
123 OffSet += sizeof (Control);
124
125 CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
126 OffSet += mAccessInfo.LoadForbidLen;
127 }
128
129 //
130 // Save permit connect.
131 //
132 if (mAccessInfo.ConnectPermitLen > 0) {
133 Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen;
134 if (mUserInfo.AccessPolicyLen - OffSet < Size) {
135 ExpandMemory (OffSet, Size);
136 }
137
138 Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT;
139 Control.Size = (UINT32) Size;
140 CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
141 OffSet += sizeof (Control);
142
143 CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen);
144 OffSet += mAccessInfo.ConnectPermitLen;
145 }
146
147 //
148 // Save forbid connect.
149 //
150 if (mAccessInfo.ConnectForbidLen > 0) {
151 Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen;
152 if (mUserInfo.AccessPolicyLen - OffSet < Size) {
153 ExpandMemory (OffSet, Size);
154 }
155
156 Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT;
157 Control.Size = (UINT32) Size;
158 CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control));
159 OffSet += sizeof (Control);
160
161 CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen);
162 OffSet += mAccessInfo.ConnectForbidLen;
163 }
164
165 mUserInfo.AccessPolicyLen = OffSet;
166
167 //
168 // Save access policy.
169 //
170 if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0) && (mUserInfo.AccessPolicy != NULL)) {
171 Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
172 if (Info == NULL) {
173 return ;
174 }
175
176 Status = FindInfoByType (mModifyUser, EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo);
177 if (!EFI_ERROR (Status)) {
178 Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD;
179 Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV |
180 EFI_USER_INFO_PUBLIC |
181 EFI_USER_INFO_EXCLUSIVE;
182 Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen);
183 CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen);
184 Status = mUserManager->SetInfo (
185 mUserManager,
186 mModifyUser,
187 &UserInfo,
188 Info,
189 Info->InfoSize
190 );
191 mUserInfo.AccessPolicyModified = FALSE;
192 }
193 FreePool (Info);
194 }
195
196 if (mAccessInfo.ConnectForbid != NULL) {
197 FreePool (mAccessInfo.ConnectForbid);
198 mAccessInfo.ConnectForbid = NULL;
199 }
200
201 if (mAccessInfo.ConnectPermit != NULL) {
202 FreePool (mAccessInfo.ConnectPermit);
203 mAccessInfo.ConnectPermit = NULL;
204 }
205
206 if (mAccessInfo.LoadForbid != NULL) {
207 FreePool (mAccessInfo.LoadForbid);
208 mAccessInfo.LoadForbid = NULL;
209 }
210
211 if (mAccessInfo.LoadPermit != NULL) {
212 FreePool (mAccessInfo.LoadPermit);
213 mAccessInfo.LoadPermit = NULL;
214 }
215 }
216
217 /**
218 Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.
219
220 @param[in] QuestionID The question ID.
221 @param[in] DevicePath Points to device path.
222 @param[in] OpCodeHandle Points to container for dynamic created opcodes.
223
224 **/
225 VOID
226 AddDevicePath (
227 IN UINTN QuestionID,
228 IN EFI_DEVICE_PATH_PROTOCOL *DevicePath,
229 IN VOID *OpCodeHandle
230 )
231 {
232 EFI_STATUS Status;
233 EFI_DEVICE_PATH_PROTOCOL *Next;
234 EFI_STRING_ID NameID;
235 EFI_STRING DriverName;
236 EFI_DEVICE_PATH_TO_TEXT_PROTOCOL *DevicePathText;
237
238 //
239 // Locate device path to text protocol.
240 //
241 Status = gBS->LocateProtocol (
242 &gEfiDevicePathToTextProtocolGuid,
243 NULL,
244 (VOID **) &DevicePathText
245 );
246 if (EFI_ERROR (Status)) {
247 return ;
248 }
249
250 //
251 // Get driver file name node.
252 //
253 Next = DevicePath;
254 while (!IsDevicePathEnd (Next)) {
255 DevicePath = Next;
256 Next = NextDevicePathNode (Next);
257 }
258
259 //
260 // Display the device path in form.
261 //
262 DriverName = DevicePathText->ConvertDevicePathToText (DevicePath, FALSE, FALSE);
263 NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL);
264 FreePool (DriverName);
265 if (NameID == 0) {
266 return ;
267 }
268
269 HiiCreateActionOpCode (
270 OpCodeHandle, // Container for dynamic created opcodes
271 (UINT16) QuestionID, // Question ID
272 NameID, // Prompt text
273 STRING_TOKEN (STR_NULL_STRING), // Help text
274 EFI_IFR_FLAG_CALLBACK, // Question flag
275 0 // Action String ID
276 );
277 }
278
279
280 /**
281 Check whether the DevicePath is in the device path forbid list
282 (mAccessInfo.LoadForbid).
283
284 @param[in] DevicePath Points to device path.
285
286 @retval TRUE The DevicePath is in the device path forbid list.
287 @retval FALSE The DevicePath is not in the device path forbid list.
288
289 **/
290 BOOLEAN
291 IsLoadForbidden (
292 IN EFI_DEVICE_PATH_PROTOCOL *DevicePath
293 )
294 {
295 UINTN OffSet;
296 UINTN DPSize;
297 UINTN Size;
298 EFI_DEVICE_PATH_PROTOCOL *Dp;
299
300 OffSet = 0;
301 Size = GetDevicePathSize (DevicePath);
302 //
303 // Check each device path.
304 //
305 while (OffSet < mAccessInfo.LoadForbidLen) {
306 Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
307 DPSize = GetDevicePathSize (Dp);
308 //
309 // Compare device path.
310 //
311 if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) {
312 return TRUE;
313 }
314 OffSet += DPSize;
315 }
316 return FALSE;
317 }
318
319
320 /**
321 Display the permit load device path in the loadable device path list.
322
323 **/
324 VOID
325 DisplayLoadPermit(
326 VOID
327 )
328 {
329 EFI_STATUS Status;
330 CHAR16 *Order;
331 UINTN OrderSize;
332 UINTN ListCount;
333 UINTN Index;
334 UINT8 *Var;
335 UINT8 *VarPtr;
336 CHAR16 VarName[12];
337 VOID *StartOpCodeHandle;
338 VOID *EndOpCodeHandle;
339 EFI_IFR_GUID_LABEL *StartLabel;
340 EFI_IFR_GUID_LABEL *EndLabel;
341
342 //
343 // Get DriverOrder.
344 //
345 OrderSize = 0;
346 Status = gRT->GetVariable (
347 L"DriverOrder",
348 &gEfiGlobalVariableGuid,
349 NULL,
350 &OrderSize,
351 NULL
352 );
353 if (Status != EFI_BUFFER_TOO_SMALL) {
354 return ;
355 }
356
357 Order = AllocateZeroPool (OrderSize);
358 if (Order == NULL) {
359 return ;
360 }
361
362 Status = gRT->GetVariable (
363 L"DriverOrder",
364 &gEfiGlobalVariableGuid,
365 NULL,
366 &OrderSize,
367 Order
368 );
369 if (EFI_ERROR (Status)) {
370 return ;
371 }
372
373 //
374 // Initialize the container for dynamic opcodes.
375 //
376 StartOpCodeHandle = HiiAllocateOpCodeHandle ();
377 ASSERT (StartOpCodeHandle != NULL);
378
379 EndOpCodeHandle = HiiAllocateOpCodeHandle ();
380 ASSERT (EndOpCodeHandle != NULL);
381
382 //
383 // Create Hii Extend Label OpCode.
384 //
385 StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
386 StartOpCodeHandle,
387 &gEfiIfrTianoGuid,
388 NULL,
389 sizeof (EFI_IFR_GUID_LABEL)
390 );
391 StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
392 StartLabel->Number = LABEL_PERMIT_LOAD_FUNC;
393
394 EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
395 EndOpCodeHandle,
396 &gEfiIfrTianoGuid,
397 NULL,
398 sizeof (EFI_IFR_GUID_LABEL)
399 );
400 EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
401 EndLabel->Number = LABEL_END;
402
403 //
404 // Add each driver option.
405 //
406 Var = NULL;
407 ListCount = OrderSize / sizeof (UINT16);
408 for (Index = 0; Index < ListCount; Index++) {
409 //
410 // Get driver device path.
411 //
412 UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]);
413 Var = GetEfiGlobalVariable (VarName);
414 if (Var == NULL) {
415 continue;
416 }
417
418 //
419 // Check whether the driver is already forbidden.
420 //
421
422 VarPtr = Var;
423 //
424 // Skip attribute.
425 //
426 VarPtr += sizeof (UINT32);
427
428 //
429 // Skip device path lenth.
430 //
431 VarPtr += sizeof (UINT16);
432
433 //
434 // Skip descript string.
435 //
436 VarPtr += StrSize ((UINT16 *) VarPtr);
437
438 if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) {
439 FreePool (Var);
440 Var = NULL;
441 continue;
442 }
443
444 AddDevicePath (
445 KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index],
446 (EFI_DEVICE_PATH_PROTOCOL *) VarPtr,
447 StartOpCodeHandle
448 );
449 FreePool (Var);
450 Var = NULL;
451 }
452
453 HiiUpdateForm (
454 mCallbackInfo->HiiHandle, // HII handle
455 &gUserProfileManagerGuid, // Formset GUID
456 FORMID_PERMIT_LOAD_DP, // Form ID
457 StartOpCodeHandle, // Label for where to insert opcodes
458 EndOpCodeHandle // Replace data
459 );
460
461 HiiFreeOpCodeHandle (StartOpCodeHandle);
462 HiiFreeOpCodeHandle (EndOpCodeHandle);
463
464 //
465 // Clear Environment.
466 //
467 if (Var != NULL) {
468 FreePool (Var);
469 }
470 FreePool (Order);
471 }
472
473
474 /**
475 Display the forbid load device path list (mAccessInfo.LoadForbid).
476
477 **/
478 VOID
479 DisplayLoadForbid (
480 VOID
481 )
482 {
483 UINTN Offset;
484 UINTN DPSize;
485 UINTN Index;
486 EFI_DEVICE_PATH_PROTOCOL *Dp;
487 VOID *StartOpCodeHandle;
488 VOID *EndOpCodeHandle;
489 EFI_IFR_GUID_LABEL *StartLabel;
490 EFI_IFR_GUID_LABEL *EndLabel;
491
492 //
493 // Initialize the container for dynamic opcodes.
494 //
495 StartOpCodeHandle = HiiAllocateOpCodeHandle ();
496 ASSERT (StartOpCodeHandle != NULL);
497
498 EndOpCodeHandle = HiiAllocateOpCodeHandle ();
499 ASSERT (EndOpCodeHandle != NULL);
500
501 //
502 // Create Hii Extend Label OpCode.
503 //
504 StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
505 StartOpCodeHandle,
506 &gEfiIfrTianoGuid,
507 NULL,
508 sizeof (EFI_IFR_GUID_LABEL)
509 );
510 StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
511 StartLabel->Number = LABLE_FORBID_LOAD_FUNC;
512
513 EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode (
514 EndOpCodeHandle,
515 &gEfiIfrTianoGuid,
516 NULL,
517 sizeof (EFI_IFR_GUID_LABEL)
518 );
519 EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL;
520 EndLabel->Number = LABEL_END;
521
522 //
523 // Add each forbid load drivers.
524 //
525 Offset = 0;
526 Index = 0;
527 while (Offset < mAccessInfo.LoadForbidLen) {
528 Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset);
529 DPSize = GetDevicePathSize (Dp);
530 AddDevicePath (
531 KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index,
532 Dp,
533 StartOpCodeHandle
534 );
535 Index++;
536 Offset += DPSize;
537 }
538
539 HiiUpdateForm (
540 mCallbackInfo->HiiHandle, // HII handle
541 &gUserProfileManagerGuid, // Formset GUID
542 FORMID_FORBID_LOAD_DP, // Form ID
543 StartOpCodeHandle, // Label for where to insert opcodes
544 EndOpCodeHandle // Replace data
545 );
546
547 HiiFreeOpCodeHandle (StartOpCodeHandle);
548 HiiFreeOpCodeHandle (EndOpCodeHandle);
549 }
550
551
552 /**
553 Display the permit connect device path.
554
555 **/
556 VOID
557 DisplayConnectPermit (
558 VOID
559 )
560 {
561 //
562 // Note:
563 // As no architect protocol/interface to be called in ConnectController()
564 // to verify the device path, just add a place holder for permitted connect
565 // device path.
566 //
567 }
568
569
570 /**
571 Display the forbid connect device path list.
572
573 **/
574 VOID
575 DisplayConnectForbid (
576 VOID
577 )
578 {
579 //
580 // Note:
581 // As no architect protocol/interface to be called in ConnectController()
582 // to verify the device path, just add a place holder for forbidden connect
583 // device path.
584 //
585 }
586
587
588 /**
589 Delete the specified device path by DriverIndex from the forbid device path
590 list (mAccessInfo.LoadForbid).
591
592 @param[in] DriverIndex The index of driver in forbidden device path list.
593
594 **/
595 VOID
596 DeleteFromForbidLoad (
597 IN UINT16 DriverIndex
598 )
599 {
600 UINTN OffSet;
601 UINTN DPSize;
602 UINTN OffLen;
603 EFI_DEVICE_PATH_PROTOCOL *Dp;
604
605 OffSet = 0;
606 //
607 // Find the specified device path.
608 //
609 while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) {
610 Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
611 DPSize = GetDevicePathSize (Dp);
612 OffSet += DPSize;
613 DriverIndex--;
614 }
615
616 //
617 // Specified device path found.
618 //
619 if (DriverIndex == 0) {
620 Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet);
621 DPSize = GetDevicePathSize (Dp);
622 OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize;
623 if (OffLen > 0) {
624 CopyMem (
625 mAccessInfo.LoadForbid + OffSet,
626 mAccessInfo.LoadForbid + OffSet + DPSize,
627 OffLen
628 );
629 }
630 mAccessInfo.LoadForbidLen -= DPSize;
631 }
632 }
633
634
635 /**
636 Add the specified device path by DriverIndex to the forbid device path
637 list (mAccessInfo.LoadForbid).
638
639 @param[in] DriverIndex The index of driver saved in driver options.
640
641 **/
642 VOID
643 AddToForbidLoad (
644 IN UINT16 DriverIndex
645 )
646 {
647 UINTN DevicePathLen;
648 UINT8 *Var;
649 UINT8 *VarPtr;
650 UINTN NewLen;
651 UINT8 *NewFL;
652 CHAR16 VarName[13];
653
654 //
655 // Get loadable driver device path.
656 //
657 UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex);
658 Var = GetEfiGlobalVariable (VarName);
659 if (Var == NULL) {
660 return;
661 }
662
663 //
664 // Save forbid load driver.
665 //
666
667 VarPtr = Var;
668 //
669 // Skip attribute.
670 //
671 VarPtr += sizeof (UINT32);
672
673 DevicePathLen = *(UINT16 *) VarPtr;
674 //
675 // Skip device path length.
676 //
677 VarPtr += sizeof (UINT16);
678
679 //
680 // Skip description string.
681 //
682 VarPtr += StrSize ((UINT16 *) VarPtr);
683
684 NewLen = mAccessInfo.LoadForbidLen + DevicePathLen;
685 NewFL = AllocateZeroPool (NewLen);
686 if (NewFL == NULL) {
687 FreePool (Var);
688 return ;
689 }
690
691 if (mAccessInfo.LoadForbidLen > 0) {
692 CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen);
693 FreePool (mAccessInfo.LoadForbid);
694 }
695
696 CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen);
697 mAccessInfo.LoadForbidLen = NewLen;
698 mAccessInfo.LoadForbid = NewFL;
699 FreePool (Var);
700 }
701
702
EFI Development Kit II mirror for PVE