2 The functions for access policy modification.
4 Copyright (c) 2009 - 2011, Intel Corporation. All rights reserved.<BR>
5 This program and the accompanying materials
6 are licensed and made available under the terms and conditions of the BSD License
7 which accompanies this distribution. The full text of the license may be found at
8 http://opensource.org/licenses/bsd-license.php
10 THE PROGRAM IS DISTRIBUTED UNDER THE BSD LICENSE ON AN "AS IS" BASIS,
11 WITHOUT WARRANTIES OR REPRESENTATIONS OF ANY KIND, EITHER EXPRESS OR IMPLIED.
15 #include "UserProfileManager.h"
18 Collect all the access policy data to mUserInfo.AccessPolicy,
19 and save it to user profile.
30 EFI_USER_INFO_ACCESS_CONTROL Control
;
31 EFI_USER_INFO_HANDLE UserInfo
;
34 if (mUserInfo
.AccessPolicy
!= NULL
) {
35 FreePool (mUserInfo
.AccessPolicy
);
37 mUserInfo
.AccessPolicy
= NULL
;
38 mUserInfo
.AccessPolicyLen
= 0;
39 mUserInfo
.AccessPolicyModified
= TRUE
;
45 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
);
46 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
47 ExpandMemory (OffSet
, Size
);
50 Control
.Type
= mAccessInfo
.AccessRight
;
51 Control
.Size
= (UINT32
) Size
;
52 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
53 OffSet
+= sizeof (Control
);
58 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + sizeof (EFI_GUID
);
59 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
60 ExpandMemory (OffSet
, Size
);
63 Control
.Type
= EFI_USER_INFO_ACCESS_SETUP
;
64 Control
.Size
= (UINT32
) Size
;
65 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
66 OffSet
+= sizeof (Control
);
68 if (mAccessInfo
.AccessSetup
== ACCESS_SETUP_NORMAL
) {
69 CopyGuid ((EFI_GUID
*) (mUserInfo
.AccessPolicy
+ OffSet
), &gEfiUserInfoAccessSetupNormalGuid
);
70 } else if (mAccessInfo
.AccessSetup
== ACCESS_SETUP_RESTRICTED
) {
71 CopyGuid ((EFI_GUID
*) (mUserInfo
.AccessPolicy
+ OffSet
), &gEfiUserInfoAccessSetupRestrictedGuid
);
72 } else if (mAccessInfo
.AccessSetup
== ACCESS_SETUP_ADMIN
) {
73 CopyGuid ((EFI_GUID
*) (mUserInfo
.AccessPolicy
+ OffSet
), &gEfiUserInfoAccessSetupAdminGuid
);
75 OffSet
+= sizeof (EFI_GUID
);
78 // Save access of boot order.
80 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + sizeof (UINT32
);
81 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
82 ExpandMemory (OffSet
, Size
);
85 Control
.Type
= EFI_USER_INFO_ACCESS_BOOT_ORDER
;
86 Control
.Size
= (UINT32
) Size
;
87 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
88 OffSet
+= sizeof (Control
);
90 CopyMem ((UINT8
*) (mUserInfo
.AccessPolicy
+ OffSet
), &mAccessInfo
.AccessBootOrder
, sizeof (UINT32
));
91 OffSet
+= sizeof (UINT32
);
96 if (mAccessInfo
.LoadPermitLen
> 0) {
97 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.LoadPermitLen
;
98 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
99 ExpandMemory (OffSet
, Size
);
102 Control
.Type
= EFI_USER_INFO_ACCESS_PERMIT_LOAD
;
103 Control
.Size
= (UINT32
) Size
;
104 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
105 OffSet
+= sizeof (Control
);
107 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.LoadPermit
, mAccessInfo
.LoadPermitLen
);
108 OffSet
+= mAccessInfo
.LoadPermitLen
;
114 if (mAccessInfo
.LoadForbidLen
> 0) {
115 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.LoadForbidLen
;
116 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
117 ExpandMemory (OffSet
, Size
);
120 Control
.Type
= EFI_USER_INFO_ACCESS_FORBID_LOAD
;
121 Control
.Size
= (UINT32
) Size
;
122 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
123 OffSet
+= sizeof (Control
);
125 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.LoadForbid
, mAccessInfo
.LoadForbidLen
);
126 OffSet
+= mAccessInfo
.LoadForbidLen
;
130 // Save permit connect.
132 if (mAccessInfo
.ConnectPermitLen
> 0) {
133 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.ConnectPermitLen
;
134 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
135 ExpandMemory (OffSet
, Size
);
138 Control
.Type
= EFI_USER_INFO_ACCESS_PERMIT_CONNECT
;
139 Control
.Size
= (UINT32
) Size
;
140 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
141 OffSet
+= sizeof (Control
);
143 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.ConnectPermit
, mAccessInfo
.ConnectPermitLen
);
144 OffSet
+= mAccessInfo
.ConnectPermitLen
;
148 // Save forbid connect.
150 if (mAccessInfo
.ConnectForbidLen
> 0) {
151 Size
= sizeof (EFI_USER_INFO_ACCESS_CONTROL
) + mAccessInfo
.ConnectForbidLen
;
152 if (mUserInfo
.AccessPolicyLen
- OffSet
< Size
) {
153 ExpandMemory (OffSet
, Size
);
156 Control
.Type
= EFI_USER_INFO_ACCESS_FORBID_CONNECT
;
157 Control
.Size
= (UINT32
) Size
;
158 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, &Control
, sizeof (Control
));
159 OffSet
+= sizeof (Control
);
161 CopyMem (mUserInfo
.AccessPolicy
+ OffSet
, mAccessInfo
.ConnectForbid
, mAccessInfo
.ConnectForbidLen
);
162 OffSet
+= mAccessInfo
.ConnectForbidLen
;
165 mUserInfo
.AccessPolicyLen
= OffSet
;
168 // Save access policy.
170 if (mUserInfo
.AccessPolicyModified
&& (mUserInfo
.AccessPolicyLen
> 0) && (mUserInfo
.AccessPolicy
!= NULL
)) {
171 Info
= AllocateZeroPool (sizeof (EFI_USER_INFO
) + mUserInfo
.AccessPolicyLen
);
176 Status
= FindInfoByType (mModifyUser
, EFI_USER_INFO_ACCESS_POLICY_RECORD
, &UserInfo
);
177 if (!EFI_ERROR (Status
)) {
178 Info
->InfoType
= EFI_USER_INFO_ACCESS_POLICY_RECORD
;
179 Info
->InfoAttribs
= EFI_USER_INFO_STORAGE_PLATFORM_NV
|
180 EFI_USER_INFO_PUBLIC
|
181 EFI_USER_INFO_EXCLUSIVE
;
182 Info
->InfoSize
= (UINT32
) (sizeof (EFI_USER_INFO
) + mUserInfo
.AccessPolicyLen
);
183 CopyMem ((UINT8
*) (Info
+ 1), mUserInfo
.AccessPolicy
, mUserInfo
.AccessPolicyLen
);
184 Status
= mUserManager
->SetInfo (
191 mUserInfo
.AccessPolicyModified
= FALSE
;
196 if (mAccessInfo
.ConnectForbid
!= NULL
) {
197 FreePool (mAccessInfo
.ConnectForbid
);
198 mAccessInfo
.ConnectForbid
= NULL
;
201 if (mAccessInfo
.ConnectPermit
!= NULL
) {
202 FreePool (mAccessInfo
.ConnectPermit
);
203 mAccessInfo
.ConnectPermit
= NULL
;
206 if (mAccessInfo
.LoadForbid
!= NULL
) {
207 FreePool (mAccessInfo
.LoadForbid
);
208 mAccessInfo
.LoadForbid
= NULL
;
211 if (mAccessInfo
.LoadPermit
!= NULL
) {
212 FreePool (mAccessInfo
.LoadPermit
);
213 mAccessInfo
.LoadPermit
= NULL
;
218 Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle.
220 @param[in] QuestionID The question ID.
221 @param[in] DevicePath Points to device path.
222 @param[in] OpCodeHandle Points to container for dynamic created opcodes.
228 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
,
229 IN VOID
*OpCodeHandle
233 EFI_DEVICE_PATH_PROTOCOL
*Next
;
234 EFI_STRING_ID NameID
;
235 EFI_STRING DriverName
;
236 EFI_DEVICE_PATH_TO_TEXT_PROTOCOL
*DevicePathText
;
239 // Locate device path to text protocol.
241 Status
= gBS
->LocateProtocol (
242 &gEfiDevicePathToTextProtocolGuid
,
244 (VOID
**) &DevicePathText
246 if (EFI_ERROR (Status
)) {
251 // Get driver file name node.
254 while (!IsDevicePathEnd (Next
)) {
256 Next
= NextDevicePathNode (Next
);
260 // Display the device path in form.
262 DriverName
= DevicePathText
->ConvertDevicePathToText (DevicePath
, FALSE
, FALSE
);
263 NameID
= HiiSetString (mCallbackInfo
->HiiHandle
, 0, DriverName
, NULL
);
264 FreePool (DriverName
);
269 HiiCreateActionOpCode (
270 OpCodeHandle
, // Container for dynamic created opcodes
271 (UINT16
) QuestionID
, // Question ID
272 NameID
, // Prompt text
273 STRING_TOKEN (STR_NULL_STRING
), // Help text
274 EFI_IFR_FLAG_CALLBACK
, // Question flag
275 0 // Action String ID
281 Check whether the DevicePath is in the device path forbid list
282 (mAccessInfo.LoadForbid).
284 @param[in] DevicePath Points to device path.
286 @retval TRUE The DevicePath is in the device path forbid list.
287 @retval FALSE The DevicePath is not in the device path forbid list.
292 IN EFI_DEVICE_PATH_PROTOCOL
*DevicePath
298 EFI_DEVICE_PATH_PROTOCOL
*Dp
;
301 Size
= GetDevicePathSize (DevicePath
);
303 // Check each device path.
305 while (OffSet
< mAccessInfo
.LoadForbidLen
) {
306 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ OffSet
);
307 DPSize
= GetDevicePathSize (Dp
);
309 // Compare device path.
311 if ((DPSize
== Size
) && (CompareMem (DevicePath
, Dp
, Size
) == 0)) {
321 Display the permit load device path in the loadable device path list.
337 VOID
*StartOpCodeHandle
;
338 VOID
*EndOpCodeHandle
;
339 EFI_IFR_GUID_LABEL
*StartLabel
;
340 EFI_IFR_GUID_LABEL
*EndLabel
;
346 Status
= gRT
->GetVariable (
348 &gEfiGlobalVariableGuid
,
353 if (Status
!= EFI_BUFFER_TOO_SMALL
) {
357 Order
= AllocateZeroPool (OrderSize
);
362 Status
= gRT
->GetVariable (
364 &gEfiGlobalVariableGuid
,
369 if (EFI_ERROR (Status
)) {
374 // Initialize the container for dynamic opcodes.
376 StartOpCodeHandle
= HiiAllocateOpCodeHandle ();
377 ASSERT (StartOpCodeHandle
!= NULL
);
379 EndOpCodeHandle
= HiiAllocateOpCodeHandle ();
380 ASSERT (EndOpCodeHandle
!= NULL
);
383 // Create Hii Extend Label OpCode.
385 StartLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
389 sizeof (EFI_IFR_GUID_LABEL
)
391 StartLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
392 StartLabel
->Number
= LABEL_PERMIT_LOAD_FUNC
;
394 EndLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
398 sizeof (EFI_IFR_GUID_LABEL
)
400 EndLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
401 EndLabel
->Number
= LABEL_END
;
404 // Add each driver option.
407 ListCount
= OrderSize
/ sizeof (UINT16
);
408 for (Index
= 0; Index
< ListCount
; Index
++) {
410 // Get driver device path.
412 UnicodeSPrint (VarName
, sizeof (VarName
), L
"Driver%04x", Order
[Index
]);
413 Var
= GetEfiGlobalVariable (VarName
);
419 // Check whether the driver is already forbidden.
426 VarPtr
+= sizeof (UINT32
);
429 // Skip device path lenth.
431 VarPtr
+= sizeof (UINT16
);
434 // Skip descript string.
436 VarPtr
+= StrSize ((UINT16
*) VarPtr
);
438 if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL
*) VarPtr
)) {
445 KEY_MODIFY_USER
| KEY_MODIFY_AP_DP
| KEY_LOAD_PERMIT_MODIFY
| Order
[Index
],
446 (EFI_DEVICE_PATH_PROTOCOL
*) VarPtr
,
454 mCallbackInfo
->HiiHandle
, // HII handle
455 &gUserProfileManagerGuid
, // Formset GUID
456 FORMID_PERMIT_LOAD_DP
, // Form ID
457 StartOpCodeHandle
, // Label for where to insert opcodes
458 EndOpCodeHandle
// Replace data
461 HiiFreeOpCodeHandle (StartOpCodeHandle
);
462 HiiFreeOpCodeHandle (EndOpCodeHandle
);
465 // Clear Environment.
475 Display the forbid load device path list (mAccessInfo.LoadForbid).
486 EFI_DEVICE_PATH_PROTOCOL
*Dp
;
487 VOID
*StartOpCodeHandle
;
488 VOID
*EndOpCodeHandle
;
489 EFI_IFR_GUID_LABEL
*StartLabel
;
490 EFI_IFR_GUID_LABEL
*EndLabel
;
493 // Initialize the container for dynamic opcodes.
495 StartOpCodeHandle
= HiiAllocateOpCodeHandle ();
496 ASSERT (StartOpCodeHandle
!= NULL
);
498 EndOpCodeHandle
= HiiAllocateOpCodeHandle ();
499 ASSERT (EndOpCodeHandle
!= NULL
);
502 // Create Hii Extend Label OpCode.
504 StartLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
508 sizeof (EFI_IFR_GUID_LABEL
)
510 StartLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
511 StartLabel
->Number
= LABLE_FORBID_LOAD_FUNC
;
513 EndLabel
= (EFI_IFR_GUID_LABEL
*) HiiCreateGuidOpCode (
517 sizeof (EFI_IFR_GUID_LABEL
)
519 EndLabel
->ExtendOpCode
= EFI_IFR_EXTEND_OP_LABEL
;
520 EndLabel
->Number
= LABEL_END
;
523 // Add each forbid load drivers.
527 while (Offset
< mAccessInfo
.LoadForbidLen
) {
528 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ Offset
);
529 DPSize
= GetDevicePathSize (Dp
);
531 KEY_MODIFY_USER
| KEY_MODIFY_AP_DP
| KEY_LOAD_FORBID_MODIFY
| Index
,
540 mCallbackInfo
->HiiHandle
, // HII handle
541 &gUserProfileManagerGuid
, // Formset GUID
542 FORMID_FORBID_LOAD_DP
, // Form ID
543 StartOpCodeHandle
, // Label for where to insert opcodes
544 EndOpCodeHandle
// Replace data
547 HiiFreeOpCodeHandle (StartOpCodeHandle
);
548 HiiFreeOpCodeHandle (EndOpCodeHandle
);
553 Display the permit connect device path.
557 DisplayConnectPermit (
563 // As no architect protocol/interface to be called in ConnectController()
564 // to verify the device path, just add a place holder for permitted connect
571 Display the forbid connect device path list.
575 DisplayConnectForbid (
581 // As no architect protocol/interface to be called in ConnectController()
582 // to verify the device path, just add a place holder for forbidden connect
589 Delete the specified device path by DriverIndex from the forbid device path
590 list (mAccessInfo.LoadForbid).
592 @param[in] DriverIndex The index of driver in forbidden device path list.
596 DeleteFromForbidLoad (
597 IN UINT16 DriverIndex
603 EFI_DEVICE_PATH_PROTOCOL
*Dp
;
607 // Find the specified device path.
609 while ((OffSet
< mAccessInfo
.LoadForbidLen
) && (DriverIndex
> 0)) {
610 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ OffSet
);
611 DPSize
= GetDevicePathSize (Dp
);
617 // Specified device path found.
619 if (DriverIndex
== 0) {
620 Dp
= (EFI_DEVICE_PATH_PROTOCOL
*) (mAccessInfo
.LoadForbid
+ OffSet
);
621 DPSize
= GetDevicePathSize (Dp
);
622 OffLen
= mAccessInfo
.LoadForbidLen
- OffSet
- DPSize
;
625 mAccessInfo
.LoadForbid
+ OffSet
,
626 mAccessInfo
.LoadForbid
+ OffSet
+ DPSize
,
630 mAccessInfo
.LoadForbidLen
-= DPSize
;
636 Add the specified device path by DriverIndex to the forbid device path
637 list (mAccessInfo.LoadForbid).
639 @param[in] DriverIndex The index of driver saved in driver options.
644 IN UINT16 DriverIndex
655 // Get loadable driver device path.
657 UnicodeSPrint (VarName
, sizeof (VarName
), L
"Driver%04x", DriverIndex
);
658 Var
= GetEfiGlobalVariable (VarName
);
664 // Save forbid load driver.
671 VarPtr
+= sizeof (UINT32
);
673 DevicePathLen
= *(UINT16
*) VarPtr
;
675 // Skip device path length.
677 VarPtr
+= sizeof (UINT16
);
680 // Skip description string.
682 VarPtr
+= StrSize ((UINT16
*) VarPtr
);
684 NewLen
= mAccessInfo
.LoadForbidLen
+ DevicePathLen
;
685 NewFL
= AllocateZeroPool (NewLen
);
691 if (mAccessInfo
.LoadForbidLen
> 0) {
692 CopyMem (NewFL
, mAccessInfo
.LoadForbid
, mAccessInfo
.LoadForbidLen
);
693 FreePool (mAccessInfo
.LoadForbid
);
696 CopyMem (NewFL
+ mAccessInfo
.LoadForbidLen
, VarPtr
, DevicePathLen
);
697 mAccessInfo
.LoadForbidLen
= NewLen
;
698 mAccessInfo
.LoadForbid
= NewFL
;