diff options
| author | Dmitry Torokhov <dtor@chromium.org> | 2019-02-17 02:21:51 -0500 |
|---|---|---|
| committer | Greg Kroah-Hartman <gregkh@linuxfoundation.org> | 2019-02-22 03:27:55 -0500 |
| commit | 7bae0432a64aa7569dbd0feb2927fd3ff913901f (patch) | |
| tree | 6af0b4f35bb5eb87326f546a18597c00d06942a2 /include/linux/usb | |
| parent | ca942a0ed019f98c156cdb3de78b3d76bf381b12 (diff) | |
usb: core: add option of only authorizing internal devices
On Chrome OS we want to use USBguard to potentially limit access to USB
devices based on policy. We however to do not want to wait for userspace to
come up before initializing fixed USB devices to not regress our boot
times.
This patch adds option to instruct the kernel to only authorize devices
connected to the internal ports. Previously we could either authorize
all or none (or, by default, we'd only authorize wired devices).
The behavior is controlled via usbcore.authorized_default command line
option.
Signed-off-by: Dmitry Torokhov <dtor@chromium.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
Diffstat (limited to 'include/linux/usb')
| -rw-r--r-- | include/linux/usb/hcd.h | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/include/linux/usb/hcd.h b/include/linux/usb/hcd.h index 7dc3a411bece..695931b03684 100644 --- a/include/linux/usb/hcd.h +++ b/include/linux/usb/hcd.h | |||
| @@ -72,6 +72,12 @@ struct giveback_urb_bh { | |||
| 72 | struct usb_host_endpoint *completing_ep; | 72 | struct usb_host_endpoint *completing_ep; |
| 73 | }; | 73 | }; |
| 74 | 74 | ||
| 75 | enum usb_dev_authorize_policy { | ||
| 76 | USB_DEVICE_AUTHORIZE_NONE = 0, | ||
| 77 | USB_DEVICE_AUTHORIZE_ALL = 1, | ||
| 78 | USB_DEVICE_AUTHORIZE_INTERNAL = 2, | ||
| 79 | }; | ||
| 80 | |||
| 75 | struct usb_hcd { | 81 | struct usb_hcd { |
| 76 | 82 | ||
| 77 | /* | 83 | /* |
| @@ -117,7 +123,6 @@ struct usb_hcd { | |||
| 117 | #define HCD_FLAG_RH_RUNNING 5 /* root hub is running? */ | 123 | #define HCD_FLAG_RH_RUNNING 5 /* root hub is running? */ |
| 118 | #define HCD_FLAG_DEAD 6 /* controller has died? */ | 124 | #define HCD_FLAG_DEAD 6 /* controller has died? */ |
| 119 | #define HCD_FLAG_INTF_AUTHORIZED 7 /* authorize interfaces? */ | 125 | #define HCD_FLAG_INTF_AUTHORIZED 7 /* authorize interfaces? */ |
| 120 | #define HCD_FLAG_DEV_AUTHORIZED 8 /* authorize devices? */ | ||
| 121 | 126 | ||
| 122 | /* The flags can be tested using these macros; they are likely to | 127 | /* The flags can be tested using these macros; they are likely to |
| 123 | * be slightly faster than test_bit(). | 128 | * be slightly faster than test_bit(). |
| @@ -142,8 +147,7 @@ struct usb_hcd { | |||
| 142 | * or they require explicit user space authorization; this bit is | 147 | * or they require explicit user space authorization; this bit is |
| 143 | * settable through /sys/class/usb_host/X/authorized_default | 148 | * settable through /sys/class/usb_host/X/authorized_default |
| 144 | */ | 149 | */ |
| 145 | #define HCD_DEV_AUTHORIZED(hcd) \ | 150 | enum usb_dev_authorize_policy dev_policy; |
| 146 | ((hcd)->flags & (1U << HCD_FLAG_DEV_AUTHORIZED)) | ||
| 147 | 151 | ||
| 148 | /* Flags that get set only during HCD registration or removal. */ | 152 | /* Flags that get set only during HCD registration or removal. */ |
| 149 | unsigned rh_registered:1;/* is root hub registered? */ | 153 | unsigned rh_registered:1;/* is root hub registered? */ |