diff options
Diffstat (limited to 'MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c')
| -rw-r--r-- | MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c | 393 |
1 files changed, 213 insertions, 180 deletions
diff --git a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c index 12944ac7ea..82dae67ef5 100644 --- a/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c +++ b/MdeModulePkg/Library/VariablePolicyLib/VariablePolicyLib.c @@ -17,7 +17,6 @@ SPDX-License-Identifier: BSD-2-Clause-Patent #include <Protocol/VariablePolicy.h>
#include <Library/VariablePolicyLib.h>
-
// IMPORTANT NOTE: This library is currently rife with multiple return statements
// for error handling. A refactor should remove these at some point.
@@ -25,38 +24,37 @@ SPDX-License-Identifier: BSD-2-Clause-Patent // This library was designed with advanced unit-test features.
// This define handles the configuration.
#ifdef INTERNAL_UNIT_TEST
-#undef STATIC
+ #undef STATIC
#define STATIC // Nothing...
#endif
// An abstracted GetVariable interface that enables configuration regardless of the environment.
-EFI_GET_VARIABLE mGetVariableHelper = NULL;
+EFI_GET_VARIABLE mGetVariableHelper = NULL;
// Master switch to lock this entire interface. Does not stop enforcement,
// just prevents the configuration from being changed for the rest of the boot.
-STATIC BOOLEAN mInterfaceLocked = FALSE;
+STATIC BOOLEAN mInterfaceLocked = FALSE;
// Master switch to disable the entire interface for a single boot.
// This will disable all policy enforcement for the duration of the boot.
-STATIC BOOLEAN mProtectionDisabled = FALSE;
+STATIC BOOLEAN mProtectionDisabled = FALSE;
// Table to hold all the current policies.
-UINT8 *mPolicyTable = NULL;
-STATIC UINT32 mCurrentTableSize = 0;
-STATIC UINT32 mCurrentTableUsage = 0;
-STATIC UINT32 mCurrentTableCount = 0;
+UINT8 *mPolicyTable = NULL;
+STATIC UINT32 mCurrentTableSize = 0;
+STATIC UINT32 mCurrentTableUsage = 0;
+STATIC UINT32 mCurrentTableCount = 0;
-#define POLICY_TABLE_STEP_SIZE 0x1000
+#define POLICY_TABLE_STEP_SIZE 0x1000
// NOTE: DO NOT USE THESE MACROS on any structure that has not been validated.
// Current table data has already been sanitized.
-#define GET_NEXT_POLICY(CurPolicy) (VARIABLE_POLICY_ENTRY*)((UINT8*)CurPolicy + CurPolicy->Size)
-#define GET_POLICY_NAME(CurPolicy) (CHAR16*)((UINTN)CurPolicy + CurPolicy->OffsetToName)
-
-#define MATCH_PRIORITY_EXACT 0
-#define MATCH_PRIORITY_MAX MATCH_PRIORITY_EXACT
-#define MATCH_PRIORITY_MIN MAX_UINT8
+#define GET_NEXT_POLICY(CurPolicy) (VARIABLE_POLICY_ENTRY*)((UINT8*)CurPolicy + CurPolicy->Size)
+#define GET_POLICY_NAME(CurPolicy) (CHAR16*)((UINTN)CurPolicy + CurPolicy->OffsetToName)
+#define MATCH_PRIORITY_EXACT 0
+#define MATCH_PRIORITY_MAX MATCH_PRIORITY_EXACT
+#define MATCH_PRIORITY_MIN MAX_UINT8
/**
An extra init hook that enables the RuntimeDxe library instance to
@@ -84,7 +82,6 @@ VariablePolicyExtraDeinit ( VOID
);
-
/**
This helper function determines whether the structure of an incoming policy
is valid and internally consistent.
@@ -99,27 +96,28 @@ VariablePolicyExtraDeinit ( STATIC
BOOLEAN
IsValidVariablePolicyStructure (
- IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
+ IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
)
{
- EFI_STATUS Status;
- UINTN EntryEnd;
- CHAR16 *CheckChar;
- UINTN WildcardCount;
+ EFI_STATUS Status;
+ UINTN EntryEnd;
+ CHAR16 *CheckChar;
+ UINTN WildcardCount;
// Sanitize some quick values.
- if (NewPolicy == NULL || NewPolicy->Size == 0 ||
+ if ((NewPolicy == NULL) || (NewPolicy->Size == 0) ||
// Structure size should be at least as long as the minumum structure and a NULL string.
- NewPolicy->Size < sizeof(VARIABLE_POLICY_ENTRY) ||
+ (NewPolicy->Size < sizeof (VARIABLE_POLICY_ENTRY)) ||
// Check for the known revision.
- NewPolicy->Version != VARIABLE_POLICY_ENTRY_REVISION) {
+ (NewPolicy->Version != VARIABLE_POLICY_ENTRY_REVISION))
+ {
return FALSE;
}
// Calculate the theoretical end of the structure and make sure
// that the structure can fit in memory.
- Status = SafeUintnAdd( (UINTN)NewPolicy, NewPolicy->Size, &EntryEnd );
- if (EFI_ERROR( Status )) {
+ Status = SafeUintnAdd ((UINTN)NewPolicy, NewPolicy->Size, &EntryEnd);
+ if (EFI_ERROR (Status)) {
return FALSE;
}
@@ -129,10 +127,10 @@ IsValidVariablePolicyStructure ( }
// Check for the valid list of lock policies.
- if (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_NO_LOCK &&
- NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_NOW &&
- NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_CREATE &&
- NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE)
+ if ((NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_NO_LOCK) &&
+ (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_NOW) &&
+ (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) &&
+ (NewPolicy->LockPolicyType != VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE))
{
return FALSE;
}
@@ -141,26 +139,32 @@ IsValidVariablePolicyStructure ( // terminates before the OffsetToName for the matching policy variable Name.
if (NewPolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {
// Adjust CheckChar to the offset of the LockPolicy->Name.
- Status = SafeUintnAdd( (UINTN)NewPolicy + sizeof(VARIABLE_POLICY_ENTRY),
- sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY),
- (UINTN*)&CheckChar );
- if (EFI_ERROR( Status ) || EntryEnd <= (UINTN)CheckChar) {
+ Status = SafeUintnAdd (
+ (UINTN)NewPolicy + sizeof (VARIABLE_POLICY_ENTRY),
+ sizeof (VARIABLE_LOCK_ON_VAR_STATE_POLICY),
+ (UINTN *)&CheckChar
+ );
+ if (EFI_ERROR (Status) || (EntryEnd <= (UINTN)CheckChar)) {
return FALSE;
}
+
while (*CheckChar != CHAR_NULL) {
if (EntryEnd <= (UINTN)CheckChar) {
return FALSE;
}
+
CheckChar++;
}
+
// At this point we should have either exeeded the structure or be pointing at the last char in LockPolicy->Name.
// We should check to make sure that the policy Name comes immediately after this charcter.
- if ((UINTN)++CheckChar != (UINTN)NewPolicy + NewPolicy->OffsetToName) {
+ if ((UINTN)++ CheckChar != (UINTN)NewPolicy + NewPolicy->OffsetToName) {
return FALSE;
}
- // If the policy type is any other value, make sure that the LockPolicy structure has a zero length.
+
+ // If the policy type is any other value, make sure that the LockPolicy structure has a zero length.
} else {
- if (NewPolicy->OffsetToName != sizeof(VARIABLE_POLICY_ENTRY)) {
+ if (NewPolicy->OffsetToName != sizeof (VARIABLE_POLICY_ENTRY)) {
return FALSE;
}
}
@@ -169,7 +173,7 @@ IsValidVariablePolicyStructure ( // before the end of the structure.
// We've already checked that the name is within the bounds of the structure.
if (NewPolicy->Size != NewPolicy->OffsetToName) {
- CheckChar = (CHAR16*)((UINTN)NewPolicy + NewPolicy->OffsetToName);
+ CheckChar = (CHAR16 *)((UINTN)NewPolicy + NewPolicy->OffsetToName);
WildcardCount = 0;
while (*CheckChar != CHAR_NULL) {
// Make sure there aren't excessive wildcards.
@@ -179,16 +183,18 @@ IsValidVariablePolicyStructure ( return FALSE;
}
}
+
// Make sure you're still within the bounds of the policy structure.
if (EntryEnd <= (UINTN)CheckChar) {
return FALSE;
}
+
CheckChar++;
}
// Finally, we should be pointed at the very last character in Name, so we should be right
// up against the end of the structure.
- if ((UINTN)++CheckChar != EntryEnd) {
+ if ((UINTN)++ CheckChar != EntryEnd) {
return FALSE;
}
}
@@ -196,7 +202,6 @@ IsValidVariablePolicyStructure ( return TRUE;
}
-
/**
This helper function evaluates a policy and determines whether it matches the target
variable. If matched, will also return a value corresponding to the priority of the match.
@@ -219,22 +224,22 @@ IsValidVariablePolicyStructure ( STATIC
BOOLEAN
EvaluatePolicyMatch (
- IN CONST VARIABLE_POLICY_ENTRY *EvalEntry,
- IN CONST CHAR16 *VariableName,
- IN CONST EFI_GUID *VendorGuid,
- OUT UINT8 *MatchPriority OPTIONAL
+ IN CONST VARIABLE_POLICY_ENTRY *EvalEntry,
+ IN CONST CHAR16 *VariableName,
+ IN CONST EFI_GUID *VendorGuid,
+ OUT UINT8 *MatchPriority OPTIONAL
)
{
- BOOLEAN Result;
- CHAR16 *PolicyName;
- UINT8 CalculatedPriority;
- UINTN Index;
+ BOOLEAN Result;
+ CHAR16 *PolicyName;
+ UINT8 CalculatedPriority;
+ UINTN Index;
- Result = FALSE;
+ Result = FALSE;
CalculatedPriority = MATCH_PRIORITY_EXACT;
// Step 1: If the GUID doesn't match, we're done. No need to evaluate anything else.
- if (!CompareGuid( &EvalEntry->Namespace, VendorGuid )) {
+ if (!CompareGuid (&EvalEntry->Namespace, VendorGuid)) {
goto Exit;
}
@@ -243,47 +248,50 @@ EvaluatePolicyMatch ( // Missing Name is indicated by size being equal to name.
if (EvalEntry->Size == EvalEntry->OffsetToName) {
CalculatedPriority = MATCH_PRIORITY_MIN;
- Result = TRUE;
+ Result = TRUE;
goto Exit;
}
// Now that we know the name exists, get it.
- PolicyName = GET_POLICY_NAME( EvalEntry );
+ PolicyName = GET_POLICY_NAME (EvalEntry);
// Evaluate the name against the policy name and check for a match.
// Account for any wildcards.
- Index = 0;
+ Index = 0;
Result = TRUE;
// Keep going until the end of both strings.
while (PolicyName[Index] != CHAR_NULL || VariableName[Index] != CHAR_NULL) {
// If we don't have a match...
- if (PolicyName[Index] != VariableName[Index] || PolicyName[Index] == '#') {
+ if ((PolicyName[Index] != VariableName[Index]) || (PolicyName[Index] == '#')) {
// If this is a numerical wildcard, we can consider
// it a match if we alter the priority.
- if (PolicyName[Index] == L'#' &&
- ((L'0' <= VariableName[Index] && VariableName[Index] <= L'9') ||
- (L'A' <= VariableName[Index] && VariableName[Index] <= L'F') ||
- (L'a' <= VariableName[Index] && VariableName[Index] <= L'f'))) {
+ if ((PolicyName[Index] == L'#') &&
+ (((L'0' <= VariableName[Index]) && (VariableName[Index] <= L'9')) ||
+ ((L'A' <= VariableName[Index]) && (VariableName[Index] <= L'F')) ||
+ ((L'a' <= VariableName[Index]) && (VariableName[Index] <= L'f'))))
+ {
if (CalculatedPriority < MATCH_PRIORITY_MIN) {
CalculatedPriority++;
}
- // Otherwise, not a match.
+
+ // Otherwise, not a match.
} else {
Result = FALSE;
goto Exit;
}
}
+
Index++;
}
Exit:
- if (Result && MatchPriority != NULL) {
+ if (Result && (MatchPriority != NULL)) {
*MatchPriority = CalculatedPriority;
}
+
return Result;
}
-
/**
This helper function walks the current policy table and returns a pointer
to the best match, if any are found. Leverages EvaluatePolicyMatch() to
@@ -300,30 +308,30 @@ Exit: **/
STATIC
-VARIABLE_POLICY_ENTRY*
+VARIABLE_POLICY_ENTRY *
GetBestPolicyMatch (
- IN CONST CHAR16 *VariableName,
- IN CONST EFI_GUID *VendorGuid,
- OUT UINT8 *ReturnPriority OPTIONAL
+ IN CONST CHAR16 *VariableName,
+ IN CONST EFI_GUID *VendorGuid,
+ OUT UINT8 *ReturnPriority OPTIONAL
)
{
- VARIABLE_POLICY_ENTRY *BestResult;
- VARIABLE_POLICY_ENTRY *CurrentEntry;
- UINT8 MatchPriority;
- UINT8 CurrentPriority;
- UINTN Index;
+ VARIABLE_POLICY_ENTRY *BestResult;
+ VARIABLE_POLICY_ENTRY *CurrentEntry;
+ UINT8 MatchPriority;
+ UINT8 CurrentPriority;
+ UINTN Index;
- BestResult = NULL;
+ BestResult = NULL;
MatchPriority = MATCH_PRIORITY_EXACT;
// Walk all entries in the table, looking for matches.
- CurrentEntry = (VARIABLE_POLICY_ENTRY*)mPolicyTable;
+ CurrentEntry = (VARIABLE_POLICY_ENTRY *)mPolicyTable;
for (Index = 0; Index < mCurrentTableCount; Index++) {
// Check for a match.
- if (EvaluatePolicyMatch( CurrentEntry, VariableName, VendorGuid, &CurrentPriority )) {
+ if (EvaluatePolicyMatch (CurrentEntry, VariableName, VendorGuid, &CurrentPriority)) {
// If match is better, take it.
- if (BestResult == NULL || CurrentPriority < MatchPriority) {
- BestResult = CurrentEntry;
+ if ((BestResult == NULL) || (CurrentPriority < MatchPriority)) {
+ BestResult = CurrentEntry;
MatchPriority = CurrentPriority;
}
@@ -334,7 +342,7 @@ GetBestPolicyMatch ( }
// If we're still in the loop, move to the next entry.
- CurrentEntry = GET_NEXT_POLICY( CurrentEntry );
+ CurrentEntry = GET_NEXT_POLICY (CurrentEntry);
}
// If a return priority was requested, return it.
@@ -345,7 +353,6 @@ GetBestPolicyMatch ( return BestResult;
}
-
/**
This API function validates and registers a new policy with
the policy enforcement engine.
@@ -365,65 +372,72 @@ GetBestPolicyMatch ( EFI_STATUS
EFIAPI
RegisterVariablePolicy (
- IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
+ IN CONST VARIABLE_POLICY_ENTRY *NewPolicy
)
{
- EFI_STATUS Status;
- VARIABLE_POLICY_ENTRY *MatchPolicy;
- UINT8 MatchPriority;
- UINT32 NewSize;
- UINT8 *NewTable;
+ EFI_STATUS Status;
+ VARIABLE_POLICY_ENTRY *MatchPolicy;
+ UINT8 MatchPriority;
+ UINT32 NewSize;
+ UINT8 *NewTable;
- if (!IsVariablePolicyLibInitialized()) {
+ if (!IsVariablePolicyLibInitialized ()) {
return EFI_NOT_READY;
}
+
if (mInterfaceLocked) {
return EFI_WRITE_PROTECTED;
}
- if (!IsValidVariablePolicyStructure( NewPolicy )) {
+ if (!IsValidVariablePolicyStructure (NewPolicy)) {
return EFI_INVALID_PARAMETER;
}
// Check to see whether an exact matching policy already exists.
- MatchPolicy = GetBestPolicyMatch( GET_POLICY_NAME( NewPolicy ),
- &NewPolicy->Namespace,
- &MatchPriority );
- if (MatchPolicy != NULL && MatchPriority == MATCH_PRIORITY_EXACT) {
+ MatchPolicy = GetBestPolicyMatch (
+ GET_POLICY_NAME (NewPolicy),
+ &NewPolicy->Namespace,
+ &MatchPriority
+ );
+ if ((MatchPolicy != NULL) && (MatchPriority == MATCH_PRIORITY_EXACT)) {
return EFI_ALREADY_STARTED;
}
// If none exists, create it.
// If we need more space, allocate that now.
- Status = SafeUint32Add( mCurrentTableUsage, NewPolicy->Size, &NewSize );
- if (EFI_ERROR( Status )) {
+ Status = SafeUint32Add (mCurrentTableUsage, NewPolicy->Size, &NewSize);
+ if (EFI_ERROR (Status)) {
return EFI_ABORTED;
}
+
if (NewSize > mCurrentTableSize) {
// Use NewSize to calculate the new table size in units of POLICY_TABLE_STEP_SIZE.
NewSize = (NewSize % POLICY_TABLE_STEP_SIZE) > 0 ?
- (NewSize / POLICY_TABLE_STEP_SIZE) + 1 :
- (NewSize / POLICY_TABLE_STEP_SIZE);
+ (NewSize / POLICY_TABLE_STEP_SIZE) + 1 :
+ (NewSize / POLICY_TABLE_STEP_SIZE);
// Calculate the new table size in absolute bytes.
- Status = SafeUint32Mult( NewSize, POLICY_TABLE_STEP_SIZE, &NewSize );
- if (EFI_ERROR( Status )) {
+ Status = SafeUint32Mult (NewSize, POLICY_TABLE_STEP_SIZE, &NewSize);
+ if (EFI_ERROR (Status)) {
return EFI_ABORTED;
}
// Reallocate and copy the table.
- NewTable = AllocateRuntimePool( NewSize );
+ NewTable = AllocateRuntimePool (NewSize);
if (NewTable == NULL) {
return EFI_OUT_OF_RESOURCES;
}
- CopyMem( NewTable, mPolicyTable, mCurrentTableUsage );
+
+ CopyMem (NewTable, mPolicyTable, mCurrentTableUsage);
mCurrentTableSize = NewSize;
if (mPolicyTable != NULL) {
- FreePool( mPolicyTable );
+ FreePool (mPolicyTable);
}
+
mPolicyTable = NewTable;
}
+
// Copy the policy into the table.
- CopyMem( mPolicyTable + mCurrentTableUsage, NewPolicy, NewPolicy->Size );
+ CopyMem (mPolicyTable + mCurrentTableUsage, NewPolicy, NewPolicy->Size);
mCurrentTableUsage += NewPolicy->Size;
mCurrentTableCount += 1;
@@ -432,7 +446,6 @@ RegisterVariablePolicy ( return EFI_SUCCESS;
}
-
/**
This API function checks to see whether the parameters to SetVariable would
be allowed according to the current variable policies.
@@ -455,25 +468,25 @@ RegisterVariablePolicy ( EFI_STATUS
EFIAPI
ValidateSetVariable (
- IN CHAR16 *VariableName,
- IN EFI_GUID *VendorGuid,
- IN UINT32 Attributes,
- IN UINTN DataSize,
- IN VOID *Data
+ IN CHAR16 *VariableName,
+ IN EFI_GUID *VendorGuid,
+ IN UINT32 Attributes,
+ IN UINTN DataSize,
+ IN VOID *Data
)
{
- BOOLEAN IsDel;
- VARIABLE_POLICY_ENTRY *ActivePolicy;
- EFI_STATUS Status;
- EFI_STATUS ReturnStatus;
- VARIABLE_LOCK_ON_VAR_STATE_POLICY *StateVarPolicy;
- CHAR16 *StateVarName;
- UINTN StateVarSize;
- UINT8 StateVar;
+ BOOLEAN IsDel;
+ VARIABLE_POLICY_ENTRY *ActivePolicy;
+ EFI_STATUS Status;
+ EFI_STATUS ReturnStatus;
+ VARIABLE_LOCK_ON_VAR_STATE_POLICY *StateVarPolicy;
+ CHAR16 *StateVarName;
+ UINTN StateVarSize;
+ UINT8 StateVar;
ReturnStatus = EFI_SUCCESS;
- if (!IsVariablePolicyLibInitialized()) {
+ if (!IsVariablePolicyLibInitialized ()) {
ReturnStatus = EFI_NOT_READY;
goto Exit;
}
@@ -493,7 +506,7 @@ ValidateSetVariable ( }
// Find an active policy if one exists.
- ActivePolicy = GetBestPolicyMatch( VariableName, VendorGuid, NULL );
+ ActivePolicy = GetBestPolicyMatch (VariableName, VendorGuid, NULL);
// If we have an active policy, check it against the incoming data.
if (ActivePolicy != NULL) {
@@ -501,20 +514,34 @@ ValidateSetVariable ( // Only enforce size and attribute constraints when updating data, not deleting.
if (!IsDel) {
// Check for size constraints.
- if ((ActivePolicy->MinSize > 0 && DataSize < ActivePolicy->MinSize) ||
- (ActivePolicy->MaxSize > 0 && DataSize > ActivePolicy->MaxSize)) {
+ if (((ActivePolicy->MinSize > 0) && (DataSize < ActivePolicy->MinSize)) ||
+ ((ActivePolicy->MaxSize > 0) && (DataSize > ActivePolicy->MaxSize)))
+ {
ReturnStatus = EFI_INVALID_PARAMETER;
- DEBUG(( DEBUG_VERBOSE, "%a - Bad Size. 0x%X <> 0x%X-0x%X\n", __FUNCTION__,
- DataSize, ActivePolicy->MinSize, ActivePolicy->MaxSize ));
+ DEBUG ((
+ DEBUG_VERBOSE,
+ "%a - Bad Size. 0x%X <> 0x%X-0x%X\n",
+ __FUNCTION__,
+ DataSize,
+ ActivePolicy->MinSize,
+ ActivePolicy->MaxSize
+ ));
goto Exit;
}
// Check for attribute constraints.
- if ((ActivePolicy->AttributesMustHave & Attributes) != ActivePolicy->AttributesMustHave ||
- (ActivePolicy->AttributesCantHave & Attributes) != 0) {
+ if (((ActivePolicy->AttributesMustHave & Attributes) != ActivePolicy->AttributesMustHave) ||
+ ((ActivePolicy->AttributesCantHave & Attributes) != 0))
+ {
ReturnStatus = EFI_INVALID_PARAMETER;
- DEBUG(( DEBUG_VERBOSE, "%a - Bad Attributes. 0x%X <> 0x%X:0x%X\n", __FUNCTION__,
- Attributes, ActivePolicy->AttributesMustHave, ActivePolicy->AttributesCantHave ));
+ DEBUG ((
+ DEBUG_VERBOSE,
+ "%a - Bad Attributes. 0x%X <> 0x%X:0x%X\n",
+ __FUNCTION__,
+ Attributes,
+ ActivePolicy->AttributesMustHave,
+ ActivePolicy->AttributesCantHave
+ ));
goto Exit;
}
}
@@ -526,37 +553,43 @@ ValidateSetVariable ( if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_NOW) {
ReturnStatus = EFI_WRITE_PROTECTED;
goto Exit;
- // Check for lock on create.
+ // Check for lock on create.
} else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_CREATE) {
StateVarSize = 0;
- Status = mGetVariableHelper( VariableName,
- VendorGuid,
- NULL,
- &StateVarSize,
- NULL );
+ Status = mGetVariableHelper (
+ VariableName,
+ VendorGuid,
+ NULL,
+ &StateVarSize,
+ NULL
+ );
if (Status == EFI_BUFFER_TOO_SMALL) {
ReturnStatus = EFI_WRITE_PROTECTED;
goto Exit;
}
- // Check for lock on state variable.
+
+ // Check for lock on state variable.
} else if (ActivePolicy->LockPolicyType == VARIABLE_POLICY_TYPE_LOCK_ON_VAR_STATE) {
- StateVarPolicy = (VARIABLE_LOCK_ON_VAR_STATE_POLICY*)((UINT8*)ActivePolicy + sizeof(VARIABLE_POLICY_ENTRY));
- StateVarName = (CHAR16*)((UINT8*)StateVarPolicy + sizeof(VARIABLE_LOCK_ON_VAR_STATE_POLICY));
- StateVarSize = sizeof(StateVar);
- Status = mGetVariableHelper( StateVarName,
- &StateVarPolicy->Namespace,
- NULL,
- &StateVarSize,
- &StateVar );
+ StateVarPolicy = (VARIABLE_LOCK_ON_VAR_STATE_POLICY *)((UINT8 *)ActivePolicy + sizeof (VARIABLE_POLICY_ENTRY));
+ StateVarName = (CHAR16 *)((UINT8 *)StateVarPolicy + sizeof (VARIABLE_LOCK_ON_VAR_STATE_POLICY));
+ StateVarSize = sizeof (StateVar);
+ Status = mGetVariableHelper (
+ StateVarName,
+ &StateVarPolicy->Namespace,
+ NULL,
+ &StateVarSize,
+ &StateVar
+ );
// If the variable was found, check the state. If matched, this variable is locked.
- if (!EFI_ERROR( Status )) {
+ if (!EFI_ERROR (Status)) {
if (StateVar == StateVarPolicy->Value) {
ReturnStatus = EFI_WRITE_PROTECTED;
goto Exit;
}
- // EFI_NOT_FOUND and EFI_BUFFER_TOO_SMALL indicate that the state doesn't match.
- } else if (Status != EFI_NOT_FOUND && Status != EFI_BUFFER_TOO_SMALL) {
+
+ // EFI_NOT_FOUND and EFI_BUFFER_TOO_SMALL indicate that the state doesn't match.
+ } else if ((Status != EFI_NOT_FOUND) && (Status != EFI_BUFFER_TOO_SMALL)) {
// We don't know what happened, but it isn't good.
ReturnStatus = EFI_ABORTED;
goto Exit;
@@ -565,11 +598,10 @@ ValidateSetVariable ( }
Exit:
- DEBUG(( DEBUG_VERBOSE, "%a - Variable (%g:%s) returning %r.\n", __FUNCTION__, VendorGuid, VariableName, ReturnStatus ));
+ DEBUG ((DEBUG_VERBOSE, "%a - Variable (%g:%s) returning %r.\n", __FUNCTION__, VendorGuid, VariableName, ReturnStatus));
return ReturnStatus;
}
-
/**
This API function disables the variable policy enforcement. If it's
already been called once, will return EFI_ALREADY_STARTED.
@@ -587,23 +619,26 @@ DisableVariablePolicy ( VOID
)
{
- if (!IsVariablePolicyLibInitialized()) {
+ if (!IsVariablePolicyLibInitialized ()) {
return EFI_NOT_READY;
}
+
if (mProtectionDisabled) {
return EFI_ALREADY_STARTED;
}
+
if (mInterfaceLocked) {
return EFI_WRITE_PROTECTED;
}
+
if (!PcdGetBool (PcdAllowVariablePolicyEnforcementDisable)) {
return EFI_WRITE_PROTECTED;
}
+
mProtectionDisabled = TRUE;
return EFI_SUCCESS;
}
-
/**
This API function will dump the entire contents of the variable policy table.
@@ -623,16 +658,16 @@ DisableVariablePolicy ( EFI_STATUS
EFIAPI
DumpVariablePolicy (
- OUT UINT8 *Policy,
- IN OUT UINT32 *Size
+ OUT UINT8 *Policy,
+ IN OUT UINT32 *Size
)
{
- if (!IsVariablePolicyLibInitialized()) {
+ if (!IsVariablePolicyLibInitialized ()) {
return EFI_NOT_READY;
}
// Check the parameters.
- if (Size == NULL || (*Size > 0 && Policy == NULL)) {
+ if ((Size == NULL) || ((*Size > 0) && (Policy == NULL))) {
return EFI_INVALID_PARAMETER;
}
@@ -643,13 +678,12 @@ DumpVariablePolicy ( }
// If we're still here, copy the table and bounce.
- CopyMem( Policy, mPolicyTable, mCurrentTableUsage );
+ CopyMem (Policy, mPolicyTable, mCurrentTableUsage);
*Size = mCurrentTableUsage;
return EFI_SUCCESS;
}
-
/**
This API function returns whether or not the policy engine is
currently being enforced.
@@ -665,13 +699,13 @@ IsVariablePolicyEnabled ( VOID
)
{
- if (!IsVariablePolicyLibInitialized()) {
+ if (!IsVariablePolicyLibInitialized ()) {
return FALSE;
}
+
return !mProtectionDisabled;
}
-
/**
This API function locks the interface so that no more policy updates
can be performed or changes made to the enforcement until the next boot.
@@ -686,17 +720,18 @@ LockVariablePolicy ( VOID
)
{
- if (!IsVariablePolicyLibInitialized()) {
+ if (!IsVariablePolicyLibInitialized ()) {
return EFI_NOT_READY;
}
+
if (mInterfaceLocked) {
return EFI_WRITE_PROTECTED;
}
+
mInterfaceLocked = TRUE;
return EFI_SUCCESS;
}
-
/**
This API function returns whether or not the policy interface is locked
for the remainder of the boot.
@@ -712,13 +747,13 @@ IsVariablePolicyInterfaceLocked ( VOID
)
{
- if (!IsVariablePolicyLibInitialized()) {
+ if (!IsVariablePolicyLibInitialized ()) {
return FALSE;
}
+
return mInterfaceLocked;
}
-
/**
This helper function initializes the library and sets
up any required internal structures or handlers.
@@ -736,10 +771,10 @@ IsVariablePolicyInterfaceLocked ( EFI_STATUS
EFIAPI
InitVariablePolicyLib (
- IN EFI_GET_VARIABLE GetVariableHelper
+ IN EFI_GET_VARIABLE GetVariableHelper
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
Status = EFI_SUCCESS;
@@ -747,27 +782,26 @@ InitVariablePolicyLib ( return EFI_ALREADY_STARTED;
}
- if (!EFI_ERROR( Status )) {
- Status = VariablePolicyExtraInit();
+ if (!EFI_ERROR (Status)) {
+ Status = VariablePolicyExtraInit ();
}
- if (!EFI_ERROR( Status )) {
+ if (!EFI_ERROR (Status)) {
// Save an internal pointer to the GetVariableHelper.
mGetVariableHelper = GetVariableHelper;
// Initialize the global state.
- mInterfaceLocked = FALSE;
+ mInterfaceLocked = FALSE;
mProtectionDisabled = FALSE;
- mPolicyTable = NULL;
- mCurrentTableSize = 0;
- mCurrentTableUsage = 0;
- mCurrentTableCount = 0;
+ mPolicyTable = NULL;
+ mCurrentTableSize = 0;
+ mCurrentTableUsage = 0;
+ mCurrentTableCount = 0;
}
return Status;
}
-
/**
This helper function returns whether or not the library is currently initialized.
@@ -784,7 +818,6 @@ IsVariablePolicyLibInitialized ( return (mGetVariableHelper != NULL);
}
-
/**
This helper function tears down the library.
@@ -800,7 +833,7 @@ DeinitVariablePolicyLib ( VOID
)
{
- EFI_STATUS Status;
+ EFI_STATUS Status;
Status = EFI_SUCCESS;
@@ -808,20 +841,20 @@ DeinitVariablePolicyLib ( return EFI_NOT_READY;
}
- if (!EFI_ERROR( Status )) {
- Status = VariablePolicyExtraDeinit();
+ if (!EFI_ERROR (Status)) {
+ Status = VariablePolicyExtraDeinit ();
}
- if (!EFI_ERROR( Status )) {
- mGetVariableHelper = NULL;
- mInterfaceLocked = FALSE;
+ if (!EFI_ERROR (Status)) {
+ mGetVariableHelper = NULL;
+ mInterfaceLocked = FALSE;
mProtectionDisabled = FALSE;
- mCurrentTableSize = 0;
- mCurrentTableUsage = 0;
- mCurrentTableCount = 0;
+ mCurrentTableSize = 0;
+ mCurrentTableUsage = 0;
+ mCurrentTableCount = 0;
if (mPolicyTable != NULL) {
- FreePool( mPolicyTable );
+ FreePool (mPolicyTable);
mPolicyTable = NULL;
}
}
|