On Sat, Feb 16, 2019 at 11:21:51PM -0800, Dmitry Torokhov wrote:
> On Chrome OS we want to use USBguard to potentially limit access to USB
> devices based on policy. We however do not want to wait for userspace to
> come up before initializing fixed USB devices to not regress our boot
> times.
>
> This patch adds option to instruct the kernel to only authorize devices
> connected to the internal ports. Previously we could either authorize
> all or none (or, by default, we'd only authorize wired devices).
>
> The behavior is controlled via usbcore.authorized_default command line
> option.
>
> Signed-off-by: Dmitry Torokhov <dtor@xxxxxxxxxxxx>
> ---
> .../admin-guide/kernel-parameters.txt | 3 +-
> Documentation/usb/authorization.txt | 4 +-
> drivers/usb/core/hcd.c | 51 +++++++++++--------
> drivers/usb/core/usb.c | 33 +++++++++---
> include/linux/usb/hcd.h | 10 ++--
> 5 files changed, 69 insertions(+), 32 deletions(-)
>
> diff --git a/Documentation/admin-guide/kernel-parameters.txt b/Documentation/admin-guide/kernel-parameters.txt > index aefd358a5ca3..4446919089b9 100644 > --- a/Documentation/admin-guide/kernel-parameters.txt > +++ b/Documentation/admin-guide/kernel-parameters.txt > @@ -4675,7 +4675,8 @@ > usbcore.authorized_default= > [USB] Default USB device authorization: > (default -1 = authorized except for wireless USB, > - 0 = not authorized, 1 = authorized) > + 0 = not authorized, 1 = authorized, 2 = authorized > + if device connected to internal port)

Oh nice, another "simple" flag modified over time to be more complex :(

Anyway, that's fine, it's how APIs grow, just grumpy...

This all looks good to me, I'll go queue it up now.

greg k-h
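
Review bot: The new text for value 2 in the usbcore.authorized_default entry of kernel-parameters.txt documents only half of the policy: "2 = authorized if device connected to internal port" does not say what happens to a device on any other port. Since the commit message positions this value as the boot-time default ahead of USBguard, the entry should state the other case explicitly (presumably such devices stay unauthorized until userspace authorizes them) and say how a port comes to be treated as internal, because an administrator choosing this value is relying on that classification as a security boundary. With four values now packed into one parenthetical, listing one value per line would also make the entry easier to read.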