summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Koch <stefan.koch10@gmail.com>2015-08-25 21:10:10 +0200
committerGreg Kroah-Hartman <gregkh@linuxfoundation.org>2015-09-22 12:08:40 -0700
commit7f59c150ad9ae017abcff16775ccdd0bdefb963d (patch)
tree790d93be49f94dfb80b445159b122b67d62c090a
parent310d2b4124c073a2057ef9d952d4d938e9b1dfd9 (diff)
usb: interface authorization: Documentation part
This part adds the documentation for the interface authorization. Signed-off-by: Stefan Koch <stefan.koch10@gmail.com> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
-rw-r--r--Documentation/ABI/testing/sysfs-bus-usb20
-rw-r--r--Documentation/usb/authorization.txt31
2 files changed, 51 insertions, 0 deletions
diff --git a/Documentation/ABI/testing/sysfs-bus-usb b/Documentation/ABI/testing/sysfs-bus-usb
index 864637f25bee..3a4abfc44f5e 100644
--- a/Documentation/ABI/testing/sysfs-bus-usb
+++ b/Documentation/ABI/testing/sysfs-bus-usb
@@ -1,3 +1,23 @@
+What: /sys/bus/usb/devices/INTERFACE/authorized
+Date: August 2015
+Description:
+ This allows to authorize (1) or deauthorize (0)
+ individual interfaces instead a whole device
+ in contrast to the device authorization.
+ If a deauthorized interface will be authorized
+ so the driver probing must be triggered manually
+ by writing INTERFACE to /sys/bus/usb/drivers_probe
+ This allows to avoid side-effects with drivers
+ that need multiple interfaces.
+ A deauthorized interface cannot be probed or claimed.
+
+What: /sys/bus/usb/devices/usbX/interface_authorized_default
+Date: August 2015
+Description:
+ This is used as value that determines if interfaces
+ would be authorized by default.
+ The value can be 1 or 0. It's by default 1.
+
What: /sys/bus/usb/device/.../authorized
Date: July 2008
KernelVersion: 2.6.26
diff --git a/Documentation/usb/authorization.txt b/Documentation/usb/authorization.txt
index c069b6884c77..c7e985f05d8f 100644
--- a/Documentation/usb/authorization.txt
+++ b/Documentation/usb/authorization.txt
@@ -90,3 +90,34 @@ etc, but you get the idea. Anybody with access to a device gadget kit
can fake descriptors and device info. Don't trust that. You are
welcome.
+
+Interface authorization
+-----------------------
+There is a similar approach to allow or deny specific USB interfaces.
+That allows to block only a subset of an USB device.
+
+Authorize an interface:
+$ echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
+
+Deauthorize an interface:
+$ echo 0 > /sys/bus/usb/devices/INTERFACE/authorized
+
+The default value for new interfaces
+on a particular USB bus can be changed, too.
+
+Allow interfaces per default:
+$ echo 1 > /sys/bus/usb/devices/usbX/interface_authorized_default
+
+Deny interfaces per default:
+$ echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
+
+Per default the interface_authorized_default bit is 1.
+So all interfaces would authorized per default.
+
+Note:
+If a deauthorized interface will be authorized so the driver probing must
+be triggered manually by writing INTERFACE to /sys/bus/usb/drivers_probe
+
+For drivers that need multiple interfaces all needed interfaces should be
+authroized first. After that the drivers should be probed.
+This avoids side effects.