summaryrefslogtreecommitdiffstats
path: root/Documentation/usb
diff options
context:
space:
mode:
authorStefan Koch <stefan.koch10@gmail.com>2015-08-08 11:32:55 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2015-08-15 01:55:55 +0200
commit6ef2bf71764708f7c58ee9300acd8df05dbaa06f (patch)
tree6bd1e02e6f155374a25d642b3a92a5ad7db6b80a /Documentation/usb
parentusb: interface authorization: SysFS part of USB interface authorization (diff)
downloadlinux-6ef2bf71764708f7c58ee9300acd8df05dbaa06f.tar.xz
linux-6ef2bf71764708f7c58ee9300acd8df05dbaa06f.zip
usb: interface authorization: Documentation part
This part adds the documentation for the interface authorization. Signed-off-by: Stefan Koch <skoch@suse.de> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'Documentation/usb')
-rw-r--r--Documentation/usb/authorization.txt34
1 files changed, 34 insertions, 0 deletions
diff --git a/Documentation/usb/authorization.txt b/Documentation/usb/authorization.txt
index c069b6884c77..020cec5585ce 100644
--- a/Documentation/usb/authorization.txt
+++ b/Documentation/usb/authorization.txt
@@ -3,6 +3,9 @@ Authorizing (or not) your USB devices to connect to the system
(C) 2007 Inaky Perez-Gonzalez <inaky@linux.intel.com> Intel Corporation
+Interface authorization part:
+ (C) 2015 Stefan Koch <skoch@suse.de> SUSE LLC
+
This feature allows you to control if a USB device can be used (or
not) in a system. This feature will allow you to implement a lock-down
of USB devices, fully controlled by user space.
@@ -90,3 +93,34 @@ etc, but you get the idea. Anybody with access to a device gadget kit
can fake descriptors and device info. Don't trust that. You are
welcome.
+
+Interface authorization
+-----------------------
+There is a similar approach to allow or deny specific USB interfaces.
+That allows to block only a subset of an USB device.
+
+Authorize an interface:
+$ echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
+
+Deauthorize an interface:
+$ echo 0 > /sys/bus/usb/devices/INTERFACE/authorized
+
+The default value for new interfaces
+on a particular USB bus can be changed, too.
+
+Allow interfaces per default:
+$ echo 1 > /sys/bus/usb/devices/usbX/interface_authorized_default
+
+Deny interfaces per default:
+$ echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
+
+Per default the interface_authorized_default bit is 1.
+So all interfaces would authorized per default.
+
+Note:
+If a deauthorized interface will be authorized so the driver probing must
+be triggered manually by writing INTERFACE to /sys/bus/usb/drivers_probe
+
+For drivers that need multiple interfaces all needed interfaces should be
+authroized first. After that the drivers should be probed.
+This avoids side effects.