usb: interface authorization: Documentation part

This part adds the documentation for the interface authorization.

Signed-off-by: Stefan Koch <stefan.koch10@gmail.com>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
This commit is contained in:
Stefan Koch 2015-08-25 21:10:10 +02:00 committed by Greg Kroah-Hartman
parent 310d2b4124
commit 7f59c150ad
2 changed files with 51 additions and 0 deletions

View File

@ -1,3 +1,23 @@
What: /sys/bus/usb/devices/INTERFACE/authorized
Date: August 2015
Description:
This allows to authorize (1) or deauthorize (0)
individual interfaces instead a whole device
in contrast to the device authorization.
If a deauthorized interface will be authorized
so the driver probing must be triggered manually
by writing INTERFACE to /sys/bus/usb/drivers_probe
This allows to avoid side-effects with drivers
that need multiple interfaces.
A deauthorized interface cannot be probed or claimed.
What: /sys/bus/usb/devices/usbX/interface_authorized_default
Date: August 2015
Description:
This is used as value that determines if interfaces
would be authorized by default.
The value can be 1 or 0. It's by default 1.
What: /sys/bus/usb/device/.../authorized What: /sys/bus/usb/device/.../authorized
Date: July 2008 Date: July 2008
KernelVersion: 2.6.26 KernelVersion: 2.6.26

View File

@ -90,3 +90,34 @@ etc, but you get the idea. Anybody with access to a device gadget kit
can fake descriptors and device info. Don't trust that. You are can fake descriptors and device info. Don't trust that. You are
welcome. welcome.
Interface authorization
-----------------------
There is a similar approach to allow or deny specific USB interfaces.
That allows to block only a subset of an USB device.
Authorize an interface:
$ echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
Deauthorize an interface:
$ echo 0 > /sys/bus/usb/devices/INTERFACE/authorized
The default value for new interfaces
on a particular USB bus can be changed, too.
Allow interfaces per default:
$ echo 1 > /sys/bus/usb/devices/usbX/interface_authorized_default
Deny interfaces per default:
$ echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
Per default the interface_authorized_default bit is 1.
So all interfaces would authorized per default.
Note:
If a deauthorized interface will be authorized so the driver probing must
be triggered manually by writing INTERFACE to /sys/bus/usb/drivers_probe
For drivers that need multiple interfaces all needed interfaces should be
authroized first. After that the drivers should be probed.
This avoids side effects.