Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 6ef2bf71 authored by Stefan Koch's avatar Stefan Koch Committed by Greg Kroah-Hartman
Browse files

usb: interface authorization: Documentation part 



This part adds the documentation for the interface authorization.

Signed-off-by: default avatarStefan Koch <skoch@suse.de>
Signed-off-by: default avatarGreg Kroah-Hartman <gregkh@linuxfoundation.org>
parent 187b3d75

Documentation/ABI/testing/sysfs-bus-usb

+22 −0
Original line number Diff line number Diff line 
What:		/sys/bus/usb/devices/INTERFACE/authorized

Date:		June 2015

KernelVersion:	4.2

Description:

		This allows to authorize (1) or deauthorize (0)

		individual interfaces instead a whole device

		in contrast to the device authorization.

		If a deauthorized interface will be authorized

		so the driver probing must be triggered manually

		by writing INTERFACE to /sys/bus/usb/drivers_probe

		This allows to avoid side-effects with drivers

		that need multiple interfaces.

		A deauthorized interface cannot be probed or claimed.



What:		/sys/bus/usb/devices/usbX/interface_authorized_default

Date:		June 2015

KernelVersion:	4.2

Description:

		This is used as default value that determines

		if interfaces would authorized per default.

		The value can be 1 or 0. It is per default 1.



What:		/sys/bus/usb/device/.../authorized

Date:		July 2008

KernelVersion:	2.6.26

Documentation/usb/authorization.txt

+34 −0
Original line number Diff line number Diff line
@@ -3,6 +3,9 @@ Authorizing (or not) your USB devices to connect to the system 


(C) 2007 Inaky Perez-Gonzalez <inaky@linux.intel.com> Intel Corporation



Interface authorization part:

	(C) 2015 Stefan Koch <skoch@suse.de> SUSE LLC



This feature allows you to control if a USB device can be used (or

not) in a system. This feature will allow you to implement a lock-down

of USB devices, fully controlled by user space.
@@ -90,3 +93,34 @@ etc, but you get the idea. Anybody with access to a device gadget kit 
can fake descriptors and device info. Don't trust that. You are

welcome.





Interface authorization

-----------------------

There is a similar approach to allow or deny specific USB interfaces.

That allows to block only a subset of an USB device.



Authorize an interface:

$ echo 1 > /sys/bus/usb/devices/INTERFACE/authorized



Deauthorize an interface:

$ echo 0 > /sys/bus/usb/devices/INTERFACE/authorized



The default value for new interfaces

on a particular USB bus can be changed, too.



Allow interfaces per default:

$ echo 1 > /sys/bus/usb/devices/usbX/interface_authorized_default



Deny interfaces per default:

$ echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default



Per default the interface_authorized_default bit is 1.

So all interfaces would authorized per default.



Note:

If a deauthorized interface will be authorized so the driver probing must

be triggered manually by writing INTERFACE to /sys/bus/usb/drivers_probe



For drivers that need multiple interfaces all needed interfaces should be

authroized first. After that the drivers should be probed.

This avoids side effects.