usb: interface authorization: Documentation part

What:		/sys/bus/usb/devices/INTERFACE/authorized

Date:		August 2015

Description:

		This allows to authorize (1) or deauthorize (0)

		individual interfaces instead a whole device

		in contrast to the device authorization.

		If a deauthorized interface will be authorized

		so the driver probing must be triggered manually

		by writing INTERFACE to /sys/bus/usb/drivers_probe

		This allows to avoid side-effects with drivers

		that need multiple interfaces.

		A deauthorized interface cannot be probed or claimed.

What:		/sys/bus/usb/devices/usbX/interface_authorized_default

Date:		August 2015

Description:

		This is used as value that determines if interfaces

		would be authorized by default.

		The value can be 1 or 0. It's by default 1.

What:		/sys/bus/usb/device/.../authorized

Date:		July 2008

KernelVersion:	2.6.26

can fake descriptors and device info. Don't trust that. You are

welcome.

Interface authorization

-----------------------

There is a similar approach to allow or deny specific USB interfaces.

That allows to block only a subset of an USB device.

Authorize an interface:

$ echo 1 > /sys/bus/usb/devices/INTERFACE/authorized

Deauthorize an interface:

$ echo 0 > /sys/bus/usb/devices/INTERFACE/authorized

The default value for new interfaces

on a particular USB bus can be changed, too.

Allow interfaces per default:

$ echo 1 > /sys/bus/usb/devices/usbX/interface_authorized_default

Deny interfaces per default:

$ echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default

Per default the interface_authorized_default bit is 1.

So all interfaces would authorized per default.

Note:

If a deauthorized interface will be authorized so the driver probing must

be triggered manually by writing INTERFACE to /sys/bus/usb/drivers_probe

For drivers that need multiple interfaces all needed interfaces should be

authroized first. After that the drivers should be probed.

This avoids side effects.