diff options
author | Stefan Koch <stefan.koch10@gmail.com> | 2015-08-08 11:32:55 +0200 |
---|---|---|
committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2015-08-14 16:55:55 -0700 |
commit | 6ef2bf71764708f7c58ee9300acd8df05dbaa06f (patch) | |
tree | 6bd1e02e6f155374a25d642b3a92a5ad7db6b80a /Documentation/usb | |
parent | 187b3d75bbfba45a38b5d1d3656c0f11f6f6f2d0 (diff) | |
download | linux-6ef2bf71764708f7c58ee9300acd8df05dbaa06f.tar.gz |
usb: interface authorization: Documentation part
This part adds the documentation for the interface authorization.
Signed-off-by: Stefan Koch <skoch@suse.de>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Documentation/usb')
-rw-r--r-- | Documentation/usb/authorization.txt | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/Documentation/usb/authorization.txt b/Documentation/usb/authorization.txt index c069b6884c77..020cec5585ce 100644 --- a/Documentation/usb/authorization.txt +++ b/Documentation/usb/authorization.txt @@ -3,6 +3,9 @@ Authorizing (or not) your USB devices to connect to the system (C) 2007 Inaky Perez-Gonzalez <inaky@linux.intel.com> Intel Corporation +Interface authorization part: + (C) 2015 Stefan Koch <skoch@suse.de> SUSE LLC + This feature allows you to control if a USB device can be used (or not) in a system. This feature will allow you to implement a lock-down of USB devices, fully controlled by user space. @@ -90,3 +93,34 @@ etc, but you get the idea. Anybody with access to a device gadget kit can fake descriptors and device info. Don't trust that. You are welcome. + +Interface authorization +----------------------- +There is a similar approach to allow or deny specific USB interfaces. +That allows to block only a subset of an USB device. + +Authorize an interface: +$ echo 1 > /sys/bus/usb/devices/INTERFACE/authorized + +Deauthorize an interface: +$ echo 0 > /sys/bus/usb/devices/INTERFACE/authorized + +The default value for new interfaces +on a particular USB bus can be changed, too. + +Allow interfaces per default: +$ echo 1 > /sys/bus/usb/devices/usbX/interface_authorized_default + +Deny interfaces per default: +$ echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default + +Per default the interface_authorized_default bit is 1. +So all interfaces would authorized per default. + +Note: +If a deauthorized interface will be authorized so the driver probing must +be triggered manually by writing INTERFACE to /sys/bus/usb/drivers_probe + +For drivers that need multiple interfaces all needed interfaces should be +authroized first. After that the drivers should be probed. +This avoids side effects. |