Whitelisting USB devices with udev


Post by MaxiSys » 2018-12-18 12:40

Hello,
I wanted to block all USB devices except Human Interface Devices (interface class "03"),
so I block all devices and enable only hubs with the following udev rule. My question is whether the part where I enable device class "00" and interface class "03" is correct and will not allow any other USB device to work.
As I understand it, device class "00" just says to define the device at interface level, and if that interface isn't authorized it shouldn't work.
Am I right here, or is something wrong/missing?

Code:
#whitelist keyboards and mouse

# Skip non-USB
SUBSYSTEM!="usb", GOTO="usb_end"
# Skip remove actions
ACTION=="remove", GOTO="usb_end"

# Linux Foundation
# enable ehci
SUBSYSTEMS=="usb", ACTION=="add", ATTR{product}=="EHCI Host Controller", \
 ATTR{bDeviceClass}=="09", ATTR{authorized}="1", GOTO="usb_end"

# enable uhci
SUBSYSTEMS=="usb", ACTION=="add", ATTR{product}=="UHCI Host Controller", \
 ATTR{bDeviceClass}=="09", ATTR{authorized}="1", GOTO="usb_end"

# get to intel hubs / enable root hubs
SUBSYSTEMS=="usb", ACTION=="add", ATTR{bInterfaceClass}=="09", ATTR{authorized}="1", GOTO="usb_end"

# enable intel hubs / all hubs
SUBSYSTEMS=="usb", ACTION=="add", ATTR{bDeviceClass}=="09", ATTR{authorized}="1", GOTO="usb_end"

#enable 00 (one before keyboard)
SUBSYSTEMS=="usb", ACTION=="add", ATTR{bDeviceClass}=="00", ATTR{authorized}="1", GOTO="usb_end"

#enable human interface devices
SUBSYSTEMS=="usb", ACTION=="add", ATTR{bInterfaceClass}=="03", ATTR{authorized}="1", GOTO="usb_end"

# Disable all other USB devices
SUBSYSTEMS=="usb", ACTION=="add", ATTR{authorized}="0"

LABEL="usb_end"


Thank you :)
MaxiSys
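
One way to check what a whitelist like the one in this post actually leaves usable is to read the USB sysfs attributes after plugging in test devices. This is an added example, not part of the original post; the `ALLOWED` set, the function names and the sample tree are assumptions constructed for illustration.

```python
"""List USB interfaces that are still usable but are neither HID nor hub."""
import sys
from pathlib import Path

ALLOWED = {"03", "09"}  # assumption: HID and hub are the only classes wanted

def read_attr(path, name):
    """Return a sysfs attribute as stripped text, or None if it is absent."""
    try:
        return Path(path, name).read_text().strip()
    except OSError:
        return None

def audit(root="/sys/bus/usb/devices"):
    """Return (interface, class, device, device class) per usable non-allowed interface."""
    findings = []
    for name in sorted(p.name for p in Path(root).iterdir()):
        if ":" not in name:  # "1-2" is a device, "1-2:1.0" one of its interfaces
            continue
        iclass = read_attr(Path(root, name), "bInterfaceClass")
        if iclass is None or iclass in ALLOWED:  # root-hub interfaces stop here (09)
            continue
        dev = name.split(":", 1)[0]
        if read_attr(Path(root, dev), "authorized") != "1":
            continue  # whole device is de-authorized
        # Per-interface "authorized" may be absent; then the device-level value decides.
        if read_attr(Path(root, name), "authorized") == "0":
            continue
        findings.append((name, iclass, dev, read_attr(Path(root, dev), "bDeviceClass")))
    return findings

def build_sample_tree(root):
    """Constructed sample state (not captured from a real machine)."""
    sample = {
        "1-1": {"bDeviceClass": "00", "authorized": "1"},        # keyboard
        "1-1:1.0": {"bInterfaceClass": "03", "authorized": "1"},
        "1-2": {"bDeviceClass": "00", "authorized": "1"},        # flash drive
        "1-2:1.0": {"bInterfaceClass": "08", "authorized": "0"},
        "1-3": {"bDeviceClass": "00", "authorized": "1"},        # keyboard + storage
        "1-3:1.0": {"bInterfaceClass": "03", "authorized": "1"},
        "1-3:1.1": {"bInterfaceClass": "08", "authorized": "1"},
    }
    for entry, attrs in sample.items():
        Path(root, entry).mkdir(parents=True, exist_ok=True)
        for attr, value in attrs.items():
            Path(root, entry, attr).write_text(value + "\n")

if __name__ == "__main__":
    print(*audit(*sys.argv[1:2]), sep="\n")
```

Run without arguments it reads `/sys/bus/usb/devices`; an empty result means no authorized interface outside the HID and hub classes was found at that moment.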