X-Git-Url: https://git.proxmox.com/?p=mirror_edk2.git;a=blobdiff_plain;f=SecurityPkg%2FUserIdentification%2FUserProfileManagerDxe%2FUserProfileModify.c;h=67fc300f7257724e3273ad57e4f7d2ddfbd7aad1;hp=1d67b479a8b9b82348a1254e4abe77f1f0c9f238;hb=0c5b25f021a815d4ddce306139cc077db9afddfd;hpb=5f4ef94a55807e1b42201866af232053183d3f8d diff --git a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c index 1d67b479a8..67fc300f72 100644 --- a/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c +++ b/SecurityPkg/UserIdentification/UserProfileManagerDxe/UserProfileModify.c @@ -749,8 +749,9 @@ ResolveAccessPolicy ( /** - Find the specified info in profile mModifyUser by the InfoType. + Find the specified info in User profile by the InfoType. + @param[in] User Handle of the user whose information will be searched. @param[in] InfoType The user information type to find. @param[out] UserInfo Points to user information handle found. @@ -760,6 +761,7 @@ ResolveAccessPolicy ( **/ EFI_STATUS FindInfoByType ( + IN EFI_USER_PROFILE_HANDLE User, IN UINT8 InfoType, OUT EFI_USER_INFO_HANDLE *UserInfo ) @@ -787,7 +789,7 @@ FindInfoByType ( // Get each user information. // while (TRUE) { - Status = mUserManager->GetNextInfo (mUserManager, mModifyUser, UserInfo); + Status = mUserManager->GetNextInfo (mUserManager, User, UserInfo); if (EFI_ERROR (Status)) { break; } @@ -797,7 +799,7 @@ FindInfoByType ( InfoSize = MemSize; Status = mUserManager->GetInfo ( mUserManager, - mModifyUser, + User, *UserInfo, Info, &InfoSize @@ -811,7 +813,7 @@ FindInfoByType ( } Status = mUserManager->GetInfo ( mUserManager, - mModifyUser, + User, *UserInfo, Info, &InfoSize @@ -1104,207 +1106,6 @@ ExpandMemory ( } -/** - Collect all the access policy data to mUserInfo.AccessPolicy, - and save it to user profile. - -**/ -VOID -SaveAccessPolicy ( - VOID - ) -{ - EFI_STATUS Status; - UINTN OffSet; - UINTN Size; - EFI_USER_INFO_ACCESS_CONTROL Control; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO *Info; - - if (mUserInfo.AccessPolicy != NULL) { - FreePool (mUserInfo.AccessPolicy); - } - mUserInfo.AccessPolicy = NULL; - mUserInfo.AccessPolicyLen = 0; - mUserInfo.AccessPolicyModified = TRUE; - OffSet = 0; - - // - // Save access right. - // - Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL); - if (mUserInfo.AccessPolicyLen - OffSet < Size) { - ExpandMemory (OffSet, Size); - } - - Control.Type = mAccessInfo.AccessRight; - Control.Size = (UINT32) Size; - CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); - OffSet += sizeof (Control); - - // - // Save access setup. - // - Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (EFI_GUID); - if (mUserInfo.AccessPolicyLen - OffSet < Size) { - ExpandMemory (OffSet, Size); - } - - Control.Type = EFI_USER_INFO_ACCESS_SETUP; - Control.Size = (UINT32) Size; - CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); - OffSet += sizeof (Control); - - if (mAccessInfo.AccessSetup == ACCESS_SETUP_NORMAL) { - CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupNormalGuid); - } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_RESTRICTED) { - CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupRestrictedGuid); - } else if (mAccessInfo.AccessSetup == ACCESS_SETUP_ADMIN) { - CopyGuid ((EFI_GUID *) (mUserInfo.AccessPolicy + OffSet), &gEfiUserInfoAccessSetupAdminGuid); - } - OffSet += sizeof (EFI_GUID); - - // - // Save access of boot order. - // - Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + sizeof (UINT32); - if (mUserInfo.AccessPolicyLen - OffSet < Size) { - ExpandMemory (OffSet, Size); - } - - Control.Type = EFI_USER_INFO_ACCESS_BOOT_ORDER; - Control.Size = (UINT32) Size; - CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); - OffSet += sizeof (Control); - - CopyMem ((UINT8 *) (mUserInfo.AccessPolicy + OffSet), &mAccessInfo.AccessBootOrder, sizeof (UINT32)); - OffSet += sizeof (UINT32); - - // - // Save permit load. - // - if (mAccessInfo.LoadPermitLen > 0) { - Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadPermitLen; - if (mUserInfo.AccessPolicyLen - OffSet < Size) { - ExpandMemory (OffSet, Size); - } - - Control.Type = EFI_USER_INFO_ACCESS_PERMIT_LOAD; - Control.Size = (UINT32) Size; - CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); - OffSet += sizeof (Control); - - CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadPermit, mAccessInfo.LoadPermitLen); - OffSet += mAccessInfo.LoadPermitLen; - } - - // - // Save forbid load. - // - if (mAccessInfo.LoadForbidLen > 0) { - Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.LoadForbidLen; - if (mUserInfo.AccessPolicyLen - OffSet < Size) { - ExpandMemory (OffSet, Size); - } - - Control.Type = EFI_USER_INFO_ACCESS_FORBID_LOAD; - Control.Size = (UINT32) Size; - CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); - OffSet += sizeof (Control); - - CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen); - OffSet += mAccessInfo.LoadForbidLen; - } - - // - // Save permit connect. - // - if (mAccessInfo.ConnectPermitLen > 0) { - Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectPermitLen; - if (mUserInfo.AccessPolicyLen - OffSet < Size) { - ExpandMemory (OffSet, Size); - } - - Control.Type = EFI_USER_INFO_ACCESS_PERMIT_CONNECT; - Control.Size = (UINT32) Size; - CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); - OffSet += sizeof (Control); - - CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectPermit, mAccessInfo.ConnectPermitLen); - OffSet += mAccessInfo.ConnectPermitLen; - } - - // - // Save forbid connect. - // - if (mAccessInfo.ConnectForbidLen > 0) { - Size = sizeof (EFI_USER_INFO_ACCESS_CONTROL) + mAccessInfo.ConnectForbidLen; - if (mUserInfo.AccessPolicyLen - OffSet < Size) { - ExpandMemory (OffSet, Size); - } - - Control.Type = EFI_USER_INFO_ACCESS_FORBID_CONNECT; - Control.Size = (UINT32) Size; - CopyMem (mUserInfo.AccessPolicy + OffSet, &Control, sizeof (Control)); - OffSet += sizeof (Control); - - CopyMem (mUserInfo.AccessPolicy + OffSet, mAccessInfo.ConnectForbid, mAccessInfo.ConnectForbidLen); - OffSet += mAccessInfo.ConnectForbidLen; - } - - mUserInfo.AccessPolicyLen = OffSet; - - // - // Save access policy. - // - if (mUserInfo.AccessPolicyModified && (mUserInfo.AccessPolicyLen > 0)) { - Info = AllocateZeroPool (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen); - if (Info == NULL) { - return ; - } - - Status = FindInfoByType (EFI_USER_INFO_ACCESS_POLICY_RECORD, &UserInfo); - if (!EFI_ERROR (Status)) { - Info->InfoType = EFI_USER_INFO_ACCESS_POLICY_RECORD; - Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PUBLIC | - EFI_USER_INFO_EXCLUSIVE; - Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.AccessPolicyLen); - CopyMem ((UINT8 *) (Info + 1), mUserInfo.AccessPolicy, mUserInfo.AccessPolicyLen); - Status = mUserManager->SetInfo ( - mUserManager, - mModifyUser, - &UserInfo, - Info, - Info->InfoSize - ); - mUserInfo.AccessPolicyModified = FALSE; - } - FreePool (Info); - } - - if (mAccessInfo.ConnectForbid != NULL) { - FreePool (mAccessInfo.ConnectForbid); - mAccessInfo.ConnectForbid = NULL; - } - - if (mAccessInfo.ConnectPermit != NULL) { - FreePool (mAccessInfo.ConnectPermit); - mAccessInfo.ConnectPermit = NULL; - } - - if (mAccessInfo.LoadForbid != NULL) { - FreePool (mAccessInfo.LoadForbid); - mAccessInfo.LoadForbid = NULL; - } - - if (mAccessInfo.LoadPermit != NULL) { - FreePool (mAccessInfo.LoadPermit); - mAccessInfo.LoadPermit = NULL; - } -} - - /** Get the username from user input, and update username string in the Hii database with it. @@ -1392,7 +1193,7 @@ ModifyUserName ( // // Save the user name. // - Status = FindInfoByType (EFI_USER_INFO_NAME_RECORD, &UserInfo); + Status = FindInfoByType (mModifyUser, EFI_USER_INFO_NAME_RECORD, &UserInfo); if (!EFI_ERROR (Status)) { mUserManager->SetInfo ( mUserManager, @@ -1572,940 +1373,103 @@ ModifyIdentityPolicy ( /** - Save the identity policy and update UI with it. - - This funciton will verify the new identity policy, in current implementation, - the identity policy can be: T, P & P & P & ..., P | P | P | ... - Here, "T" means "True", "P" means "Credential Provider", "&" means "and", "|" means "or". - Other identity policies are not supported. + Get current user's access right. + + @param[out] AccessRight Points to the buffer used for user's access right. + + @retval EFI_SUCCESS Get current user access right successfully. + @retval others Fail to get current user access right. **/ -VOID -SaveIdentityPolicy ( - VOID +EFI_STATUS +GetAccessRight ( + OUT UINT32 *AccessRight ) { EFI_STATUS Status; - EFI_USER_INFO_IDENTITY_POLICY *Identity; EFI_USER_INFO_HANDLE UserInfo; EFI_USER_INFO *Info; - EFI_INPUT_KEY Key; - UINTN Offset; - UINT32 OpCode; UINTN InfoSize; + UINTN MemSize; + EFI_USER_INFO_ACCESS_CONTROL Access; + EFI_USER_PROFILE_HANDLE CurrentUser; + UINTN TotalLen; + UINTN CheckLen; - if (!mUserInfo.NewIdentityPolicyModified || (mUserInfo.NewIdentityPolicyLen == 0)) { - return; + // + // Allocate user information memory. + // + MemSize = sizeof (EFI_USER_INFO) + 63; + Info = AllocateZeroPool (MemSize); + if (Info == NULL) { + return EFI_OUT_OF_RESOURCES; } - + // - // Check policy expression. + // Get user access information. // - OpCode = EFI_USER_INFO_IDENTITY_FALSE; - Offset = 0; - while (Offset < mUserInfo.NewIdentityPolicyLen) { + UserInfo = NULL; + mUserManager->Current (mUserManager, &CurrentUser); + while (TRUE) { + InfoSize = MemSize; // - // Check access policy according to type + // Get next user information. // - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset); - switch (Identity->Type) { - - case EFI_USER_INFO_IDENTITY_TRUE: - break; - - case EFI_USER_INFO_IDENTITY_OR: - if (OpCode == EFI_USER_INFO_IDENTITY_AND) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Invalid Identity Policy, Mixed Connector Unsupport!", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return ; - } - - OpCode = EFI_USER_INFO_IDENTITY_OR; - break; - - case EFI_USER_INFO_IDENTITY_AND: - if (OpCode == EFI_USER_INFO_IDENTITY_OR) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Invalid Identity Policy, Mixed Connector Unsupport!", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return ; - } - - OpCode = EFI_USER_INFO_IDENTITY_AND; - break; - - case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: + Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, &UserInfo); + if (EFI_ERROR (Status)) { break; - - default: - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Unsupport parameter", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return ; } - Offset += Identity->Length; - } - - // - // Save identity policy. - // - Info = AllocateZeroPool ( - sizeof (EFI_USER_INFO) + - mUserInfo.NewIdentityPolicyLen - ); - if (Info == NULL) { - return ; - } - Status = FindInfoByType (EFI_USER_INFO_IDENTITY_POLICY_RECORD, &UserInfo); - if (EFI_ERROR (Status)) { - FreePool (Info); - return ; - } - - Info->InfoType = EFI_USER_INFO_IDENTITY_POLICY_RECORD; - Info->InfoAttribs = EFI_USER_INFO_STORAGE_PLATFORM_NV | - EFI_USER_INFO_PRIVATE | - EFI_USER_INFO_EXCLUSIVE; - Info->InfoSize = (UINT32) (sizeof (EFI_USER_INFO) + mUserInfo.NewIdentityPolicyLen); - CopyMem ((UINT8 *) (Info + 1), mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen); - Status = mUserManager->SetInfo ( - mUserManager, - mModifyUser, - &UserInfo, - Info, - Info->InfoSize - ); - FreePool (Info); - if (EFI_ERROR (Status)) { - // - // Get the user information again, it may be changed during saving it. - // - InfoSize = 0; Status = mUserManager->GetInfo ( mUserManager, - mModifyUser, + CurrentUser, UserInfo, Info, &InfoSize ); if (Status == EFI_BUFFER_TOO_SMALL) { - Info = AllocateZeroPool (InfoSize); - ASSERT (Info != NULL); + MemSize = InfoSize; + FreePool (Info); + Info = AllocateZeroPool (MemSize); + if (Info == NULL) { + return EFI_OUT_OF_RESOURCES; + } Status = mUserManager->GetInfo ( mUserManager, - mModifyUser, + CurrentUser, UserInfo, Info, &InfoSize ); } - ASSERT_EFI_ERROR (Status); - - // - // Save current identification policy to mUserInfo.IdentityPolicy. - // - ASSERT (Info != NULL); - if (mUserInfo.IdentityPolicy != NULL) { - FreePool (mUserInfo.IdentityPolicy); - } - - mUserInfo.IdentityPolicyLen = Info->InfoSize - sizeof (EFI_USER_INFO); - mUserInfo.IdentityPolicy = AllocateCopyPool (mUserInfo.IdentityPolicyLen, Info + 1); - ASSERT (mUserInfo.IdentityPolicy != NULL); - - // - // Free the memory - // - FreePool (Info); - FreePool (mUserInfo.NewIdentityPolicy); - } else { - // - // Update the mUserInfo.IdentityPolicy by mUserInfo.NewIdentityPolicy - // - if (mUserInfo.IdentityPolicy != NULL) { - FreePool (mUserInfo.IdentityPolicy); + if (EFI_ERROR (Status)) { + break; } - mUserInfo.IdentityPolicy = mUserInfo.NewIdentityPolicy; - mUserInfo.IdentityPolicyLen = mUserInfo.NewIdentityPolicyLen; - } - - mUserInfo.NewIdentityPolicy = NULL; - mUserInfo.NewIdentityPolicyLen = 0; - mUserInfo.NewIdentityPolicyModified = FALSE; - - // - // Update identity policy choice. - // - ResolveIdentityPolicy ( - mUserInfo.IdentityPolicy, - mUserInfo.IdentityPolicyLen, - STRING_TOKEN (STR_IDENTIFY_POLICY_VAL) - ); -} - - -/** - Verify the new identity policy in the current implementation. The same credential - provider can't appear twice in one identity policy. - - @param[in] NewGuid Points to the credential provider guid. - - @retval TRUE The NewGuid was found in the identity policy. - @retval FALSE The NewGuid was not found. - -**/ -BOOLEAN -CheckIdentityPolicy ( - IN EFI_GUID *NewGuid - ) -{ - UINTN Offset; - EFI_USER_INFO_IDENTITY_POLICY *Identity; - EFI_INPUT_KEY Key; - - Offset = 0; - while (Offset < mUserInfo.NewIdentityPolicyLen) { + // - // Check access policy according to type. + // Check user information. // - Identity = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + Offset); - switch (Identity->Type) { - - case EFI_USER_INFO_IDENTITY_TRUE: - case EFI_USER_INFO_IDENTITY_OR: - case EFI_USER_INFO_IDENTITY_AND: - break; - - case EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER: - if (CompareGuid (NewGuid, (EFI_GUID *) (Identity + 1))) { - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"This Credential Provider Are Already Used!", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return FALSE; + if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) { + TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO); + CheckLen = 0; + // + // Get specified access information. + // + while (CheckLen < TotalLen) { + CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access)); + if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) || + (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) || + (Access.Type == EFI_USER_INFO_ACCESS_MANAGE) + ) { + *AccessRight = Access.Type; + FreePool (Info); + return EFI_SUCCESS; + } + CheckLen += Access.Size; } - break; - - default: - CreatePopUp ( - EFI_LIGHTGRAY | EFI_BACKGROUND_BLUE, - &Key, - L"Unsupport parameter", - L"", - L"Press Any Key to Continue ...", - NULL - ); - return FALSE; } - - Offset += Identity->Length; } - return TRUE; + FreePool (Info); + return EFI_NOT_FOUND; } - -/** - Update the mUserInfo.NewIdentityPolicy, and UI when 'add option' is pressed. - -**/ -VOID -AddIdentityPolicyItem ( - VOID - ) -{ - UINT8 *NewInfo; - EFI_USER_INFO_IDENTITY_POLICY *Policy; - - if (mProviderInfo->Count == 0) { - return ; - } - - if (!mUserInfo.NewIdentityPolicyModified && (mUserInfo.NewIdentityPolicyLen > 0)) { - FreePool (mUserInfo.NewIdentityPolicy); - mUserInfo.NewIdentityPolicy = NULL; - mUserInfo.NewIdentityPolicyLen = 0; - } - // - // Expand the identity policy memory for the newly added policy info. - // - if (mUserInfo.NewIdentityPolicyLen > 0) { - // - // The new policy is not empty, expand space for connetor and provider. - // - if (!CheckIdentityPolicy (&mProviderInfo->Provider[mProviderChoice]->Identifier)) { - return ; - } - NewInfo = AllocateZeroPool ( - mUserInfo.NewIdentityPolicyLen + - sizeof (EFI_USER_INFO_IDENTITY_POLICY) * 2 + - sizeof (EFI_GUID) - ); - } else { - // - // The new policy is empty, only expand space for provider. - // - NewInfo = AllocateZeroPool ( - mUserInfo.NewIdentityPolicyLen + - sizeof (EFI_USER_INFO_IDENTITY_POLICY) + - sizeof (EFI_GUID) - ); - } - - if (NewInfo == NULL) { - return ; - } - - if (mUserInfo.NewIdentityPolicyLen > 0) { - CopyMem (NewInfo, mUserInfo.NewIdentityPolicy, mUserInfo.NewIdentityPolicyLen); - FreePool (mUserInfo.NewIdentityPolicy); - } - mUserInfo.NewIdentityPolicy = NewInfo; - - // - // Save logical connector. - // - if (mUserInfo.NewIdentityPolicyLen > 0) { - Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + - mUserInfo.NewIdentityPolicyLen); - if (mConncetLogical == 0) { - Policy->Type = EFI_USER_INFO_IDENTITY_AND; - } else { - Policy->Type = EFI_USER_INFO_IDENTITY_OR; - } - - Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY); - mUserInfo.NewIdentityPolicyLen += Policy->Length; - } - - // - // Save credential provider. - // - Policy = (EFI_USER_INFO_IDENTITY_POLICY *) (mUserInfo.NewIdentityPolicy + - mUserInfo.NewIdentityPolicyLen); - Policy->Length = sizeof (EFI_USER_INFO_IDENTITY_POLICY) + sizeof (EFI_GUID); - Policy->Type = EFI_USER_INFO_IDENTITY_CREDENTIAL_PROVIDER; - CopyGuid ((EFI_GUID *) (Policy + 1), &mProviderInfo->Provider[mProviderChoice]->Identifier); - mUserInfo.NewIdentityPolicyLen += Policy->Length; - - // - // Update identity policy choice. - // - mUserInfo.NewIdentityPolicyModified = TRUE; - ResolveIdentityPolicy ( - mUserInfo.NewIdentityPolicy, - mUserInfo.NewIdentityPolicyLen, - STRING_TOKEN (STR_IDENTIFY_POLICY_VALUE) - ); -} - - -/** - Create an action OpCode with QuestionID and DevicePath on a given OpCodeHandle. - - @param[in] QuestionID The question ID. - @param[in] DevicePath Points to device path. - @param[in] OpCodeHandle Points to container for dynamic created opcodes. - -**/ -VOID -AddDevicePath ( - IN UINTN QuestionID, - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath, - IN VOID *OpCodeHandle - ) -{ - EFI_STATUS Status; - EFI_DEVICE_PATH_PROTOCOL *Next; - EFI_STRING_ID NameID; - EFI_STRING DriverName; - EFI_DEVICE_PATH_TO_TEXT_PROTOCOL *DevicePathText; - - // - // Locate device path to text protocol. - // - Status = gBS->LocateProtocol ( - &gEfiDevicePathToTextProtocolGuid, - NULL, - (VOID **) &DevicePathText - ); - if (EFI_ERROR (Status)) { - return ; - } - - // - // Get driver file name node. - // - Next = DevicePath; - while (!IsDevicePathEnd (Next)) { - DevicePath = Next; - Next = NextDevicePathNode (Next); - } - - // - // Display the device path in form. - // - DriverName = DevicePathText->ConvertDevicePathToText (DevicePath, FALSE, FALSE); - NameID = HiiSetString (mCallbackInfo->HiiHandle, 0, DriverName, NULL); - FreePool (DriverName); - if (NameID == 0) { - return ; - } - - HiiCreateActionOpCode ( - OpCodeHandle, // Container for dynamic created opcodes - (UINT16) QuestionID, // Question ID - NameID, // Prompt text - STRING_TOKEN (STR_NULL_STRING), // Help text - EFI_IFR_FLAG_CALLBACK, // Question flag - 0 // Action String ID - ); -} - - -/** - Check whether the DevicePath is in the device path forbid list - (mAccessInfo.LoadForbid). - - @param[in] DevicePath Points to device path. - - @retval TRUE The DevicePath is in the device path forbid list. - @retval FALSE The DevicePath is not in the device path forbid list. - -**/ -BOOLEAN -IsLoadForbidden ( - IN EFI_DEVICE_PATH_PROTOCOL *DevicePath - ) -{ - UINTN OffSet; - UINTN DPSize; - UINTN Size; - EFI_DEVICE_PATH_PROTOCOL *Dp; - - OffSet = 0; - Size = GetDevicePathSize (DevicePath); - // - // Check each device path. - // - while (OffSet < mAccessInfo.LoadForbidLen) { - Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet); - DPSize = GetDevicePathSize (Dp); - // - // Compare device path. - // - if ((DPSize == Size) && (CompareMem (DevicePath, Dp, Size) == 0)) { - return TRUE; - } - OffSet += DPSize; - } - return FALSE; -} - - -/** - Display the permit load device path in the loadable device path list. - -**/ -VOID -DisplayLoadPermit( - VOID - ) -{ - EFI_STATUS Status; - CHAR16 *Order; - UINTN OrderSize; - UINTN ListCount; - UINTN Index; - UINT8 *Var; - UINT8 *VarPtr; - CHAR16 VarName[12]; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - - // - // Get DriverOrder. - // - OrderSize = 0; - Status = gRT->GetVariable ( - L"DriverOrder", - &gEfiGlobalVariableGuid, - NULL, - &OrderSize, - NULL - ); - if (Status != EFI_BUFFER_TOO_SMALL) { - return ; - } - - Order = AllocateZeroPool (OrderSize); - if (Order == NULL) { - return ; - } - - Status = gRT->GetVariable ( - L"DriverOrder", - &gEfiGlobalVariableGuid, - NULL, - &OrderSize, - Order - ); - if (EFI_ERROR (Status)) { - return ; - } - - // - // Initialize the container for dynamic opcodes. - // - StartOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (StartOpCodeHandle != NULL); - - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - - // - // Create Hii Extend Label OpCode. - // - StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - StartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LABEL_PERMIT_LOAD_FUNC; - - EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - EndOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; - - // - // Add each driver option. - // - Var = NULL; - ListCount = OrderSize / sizeof (UINT16); - for (Index = 0; Index < ListCount; Index++) { - // - // Get driver device path. - // - UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", Order[Index]); - Var = GetEfiGlobalVariable (VarName); - if (Var == NULL) { - continue; - } - - // - // Check whether the driver is already forbidden. - // - - VarPtr = Var; - // - // Skip attribute. - // - VarPtr += sizeof (UINT32); - - // - // Skip device path lenth. - // - VarPtr += sizeof (UINT16); - - // - // Skip descript string. - // - VarPtr += StrSize ((UINT16 *) VarPtr); - - if (IsLoadForbidden ((EFI_DEVICE_PATH_PROTOCOL *) VarPtr)) { - FreePool (Var); - Var = NULL; - continue; - } - - AddDevicePath ( - KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_PERMIT_MODIFY | Order[Index], - (EFI_DEVICE_PATH_PROTOCOL *) VarPtr, - StartOpCodeHandle - ); - FreePool (Var); - Var = NULL; - } - - HiiUpdateForm ( - mCallbackInfo->HiiHandle, // HII handle - &gUserProfileManagerGuid, // Formset GUID - FORMID_PERMIT_LOAD_DP, // Form ID - StartOpCodeHandle, // Label for where to insert opcodes - EndOpCodeHandle // Replace data - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); - - // - // Clear Environment. - // - if (Var != NULL) { - FreePool (Var); - } - FreePool (Order); -} - - -/** - Display the forbid load device path list (mAccessInfo.LoadForbid). - -**/ -VOID -DisplayLoadForbid ( - VOID - ) -{ - UINTN Offset; - UINTN DPSize; - UINTN Index; - EFI_DEVICE_PATH_PROTOCOL *Dp; - VOID *StartOpCodeHandle; - VOID *EndOpCodeHandle; - EFI_IFR_GUID_LABEL *StartLabel; - EFI_IFR_GUID_LABEL *EndLabel; - - // - // Initialize the container for dynamic opcodes. - // - StartOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (StartOpCodeHandle != NULL); - - EndOpCodeHandle = HiiAllocateOpCodeHandle (); - ASSERT (EndOpCodeHandle != NULL); - - // - // Create Hii Extend Label OpCode. - // - StartLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - StartOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - StartLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - StartLabel->Number = LABLE_FORBID_LOAD_FUNC; - - EndLabel = (EFI_IFR_GUID_LABEL *) HiiCreateGuidOpCode ( - EndOpCodeHandle, - &gEfiIfrTianoGuid, - NULL, - sizeof (EFI_IFR_GUID_LABEL) - ); - EndLabel->ExtendOpCode = EFI_IFR_EXTEND_OP_LABEL; - EndLabel->Number = LABEL_END; - - // - // Add each forbid load drivers. - // - Offset = 0; - Index = 0; - while (Offset < mAccessInfo.LoadForbidLen) { - Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + Offset); - DPSize = GetDevicePathSize (Dp); - AddDevicePath ( - KEY_MODIFY_USER | KEY_MODIFY_AP_DP | KEY_LOAD_FORBID_MODIFY | Index, - Dp, - StartOpCodeHandle - ); - Index++; - Offset += DPSize; - } - - HiiUpdateForm ( - mCallbackInfo->HiiHandle, // HII handle - &gUserProfileManagerGuid, // Formset GUID - FORMID_FORBID_LOAD_DP, // Form ID - StartOpCodeHandle, // Label for where to insert opcodes - EndOpCodeHandle // Replace data - ); - - HiiFreeOpCodeHandle (StartOpCodeHandle); - HiiFreeOpCodeHandle (EndOpCodeHandle); -} - - -/** - Display the permit connect device path. - -**/ -VOID -DisplayConnectPermit ( - VOID - ) -{ - // - // Note: - // As no architect protocol/interface to be called in ConnectController() - // to verify the device path, just add a place holder for permitted connect - // device path. - // -} - - -/** - Display the forbid connect device path list. - -**/ -VOID -DisplayConnectForbid ( - VOID - ) -{ - // - // Note: - // As no architect protocol/interface to be called in ConnectController() - // to verify the device path, just add a place holder for forbidden connect - // device path. - // -} - - -/** - Delete the specified device path by DriverIndex from the forbid device path - list (mAccessInfo.LoadForbid). - - @param[in] DriverIndex The index of driver in forbidden device path list. - -**/ -VOID -DeleteFromForbidLoad ( - IN UINT16 DriverIndex - ) -{ - UINTN OffSet; - UINTN DPSize; - UINTN OffLen; - EFI_DEVICE_PATH_PROTOCOL *Dp; - - OffSet = 0; - // - // Find the specified device path. - // - while ((OffSet < mAccessInfo.LoadForbidLen) && (DriverIndex > 0)) { - Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet); - DPSize = GetDevicePathSize (Dp); - OffSet += DPSize; - DriverIndex--; - } - - // - // Specified device path found. - // - if (DriverIndex == 0) { - Dp = (EFI_DEVICE_PATH_PROTOCOL *) (mAccessInfo.LoadForbid + OffSet); - DPSize = GetDevicePathSize (Dp); - OffLen = mAccessInfo.LoadForbidLen - OffSet - DPSize; - if (OffLen > 0) { - CopyMem ( - mAccessInfo.LoadForbid + OffSet, - mAccessInfo.LoadForbid + OffSet + DPSize, - OffLen - ); - } - mAccessInfo.LoadForbidLen -= DPSize; - } -} - - -/** - Add the specified device path by DriverIndex to the forbid device path - list (mAccessInfo.LoadForbid). - - @param[in] DriverIndex The index of driver saved in driver options. - -**/ -VOID -AddToForbidLoad ( - IN UINT16 DriverIndex - ) -{ - UINTN DevicePathLen; - UINT8 *Var; - UINT8 *VarPtr; - UINTN NewLen; - UINT8 *NewFL; - CHAR16 VarName[13]; - - // - // Get loadable driver device path. - // - UnicodeSPrint (VarName, sizeof (VarName), L"Driver%04x", DriverIndex); - Var = GetEfiGlobalVariable (VarName); - if (Var == NULL) { - return; - } - - // - // Save forbid load driver. - // - - VarPtr = Var; - // - // Skip attribute. - // - VarPtr += sizeof (UINT32); - - DevicePathLen = *(UINT16 *) VarPtr; - // - // Skip device path length. - // - VarPtr += sizeof (UINT16); - - // - // Skip description string. - // - VarPtr += StrSize ((UINT16 *) VarPtr); - - NewLen = mAccessInfo.LoadForbidLen + DevicePathLen; - NewFL = AllocateZeroPool (NewLen); - if (NewFL == NULL) { - FreePool (Var); - return ; - } - - if (mAccessInfo.LoadForbidLen > 0) { - CopyMem (NewFL, mAccessInfo.LoadForbid, mAccessInfo.LoadForbidLen); - FreePool (mAccessInfo.LoadForbid); - } - - CopyMem (NewFL + mAccessInfo.LoadForbidLen, VarPtr, DevicePathLen); - mAccessInfo.LoadForbidLen = NewLen; - mAccessInfo.LoadForbid = NewFL; - FreePool (Var); -} - - -/** - Get current user's access right. - - @param[out] AccessRight Points to the buffer used for user's access right. - - @retval EFI_SUCCESS Get current user access right successfully. - @retval others Fail to get current user access right. - -**/ -EFI_STATUS -GetAccessRight ( - OUT UINT32 *AccessRight - ) -{ - EFI_STATUS Status; - EFI_USER_INFO_HANDLE UserInfo; - EFI_USER_INFO *Info; - UINTN InfoSize; - UINTN MemSize; - EFI_USER_INFO_ACCESS_CONTROL Access; - EFI_USER_PROFILE_HANDLE CurrentUser; - UINTN TotalLen; - UINTN CheckLen; - - // - // Allocate user information memory. - // - MemSize = sizeof (EFI_USER_INFO) + 63; - Info = AllocateZeroPool (MemSize); - if (Info == NULL) { - return EFI_OUT_OF_RESOURCES; - } - - // - // Get user access information. - // - UserInfo = NULL; - mUserManager->Current (mUserManager, &CurrentUser); - while (TRUE) { - InfoSize = MemSize; - // - // Get next user information. - // - Status = mUserManager->GetNextInfo (mUserManager, CurrentUser, &UserInfo); - if (EFI_ERROR (Status)) { - break; - } - - Status = mUserManager->GetInfo ( - mUserManager, - CurrentUser, - UserInfo, - Info, - &InfoSize - ); - if (Status == EFI_BUFFER_TOO_SMALL) { - MemSize = InfoSize; - FreePool (Info); - Info = AllocateZeroPool (MemSize); - if (Info == NULL) { - return EFI_OUT_OF_RESOURCES; - } - Status = mUserManager->GetInfo ( - mUserManager, - CurrentUser, - UserInfo, - Info, - &InfoSize - ); - } - if (EFI_ERROR (Status)) { - break; - } - - // - // Check user information. - // - if (Info->InfoType == EFI_USER_INFO_ACCESS_POLICY_RECORD) { - TotalLen = Info->InfoSize - sizeof (EFI_USER_INFO); - CheckLen = 0; - // - // Get specified access information. - // - while (CheckLen < TotalLen) { - CopyMem (&Access, (UINT8 *) (Info + 1) + CheckLen, sizeof (Access)); - if ((Access.Type == EFI_USER_INFO_ACCESS_ENROLL_SELF) || - (Access.Type == EFI_USER_INFO_ACCESS_ENROLL_OTHERS) || - (Access.Type == EFI_USER_INFO_ACCESS_MANAGE) - ) { - *AccessRight = Access.Type; - FreePool (Info); - return EFI_SUCCESS; - } - CheckLen += Access.Size; - } - } - } - FreePool (Info); - return EFI_NOT_FOUND; -} - - -