-What: /sys/bus/usb/devices/INTERFACE/authorized
-Date: June 2015
-KernelVersion: 4.2
-Description:
- This allows to authorize (1) or deauthorize (0)
- individual interfaces instead a whole device
- in contrast to the device authorization.
- If a deauthorized interface will be authorized
- so the driver probing must be triggered manually
- by writing INTERFACE to /sys/bus/usb/drivers_probe
- This allows to avoid side-effects with drivers
- that need multiple interfaces.
- A deauthorized interface cannot be probed or claimed.
-
-What: /sys/bus/usb/devices/usbX/interface_authorized_default
-Date: June 2015
-KernelVersion: 4.2
-Description:
- This is used as default value that determines
- if interfaces would authorized per default.
- The value can be 1 or 0. It is per default 1.
-
What: /sys/bus/usb/device/.../authorized
Date: July 2008
KernelVersion: 2.6.26
(C) 2007 Inaky Perez-Gonzalez <inaky@linux.intel.com> Intel Corporation
-Interface authorization part:
- (C) 2015 Stefan Koch <skoch@suse.de> SUSE LLC
-
This feature allows you to control if a USB device can be used (or
not) in a system. This feature will allow you to implement a lock-down
of USB devices, fully controlled by user space.
can fake descriptors and device info. Don't trust that. You are
welcome.
-
-Interface authorization
------------------------
-There is a similar approach to allow or deny specific USB interfaces.
-That allows to block only a subset of an USB device.
-
-Authorize an interface:
-$ echo 1 > /sys/bus/usb/devices/INTERFACE/authorized
-
-Deauthorize an interface:
-$ echo 0 > /sys/bus/usb/devices/INTERFACE/authorized
-
-The default value for new interfaces
-on a particular USB bus can be changed, too.
-
-Allow interfaces per default:
-$ echo 1 > /sys/bus/usb/devices/usbX/interface_authorized_default
-
-Deny interfaces per default:
-$ echo 0 > /sys/bus/usb/devices/usbX/interface_authorized_default
-
-Per default the interface_authorized_default bit is 1.
-So all interfaces would authorized per default.
-
-Note:
-If a deauthorized interface will be authorized so the driver probing must
-be triggered manually by writing INTERFACE to /sys/bus/usb/drivers_probe
-
-For drivers that need multiple interfaces all needed interfaces should be
-authroized first. After that the drivers should be probed.
-This avoids side effects.