From: Niko Mauno <niko.mauno@xxxxxxxxxxx>
Make the default USB device authorization mode configurable at build
time. This is useful for systems that require a mode that is stricter
than the standard setting, as it avoids relying on the kernel command
line being properly set.
Signed-off-by: Niko Mauno <niko.mauno@xxxxxxxxxxx>
---
drivers/usb/core/Kconfig | 17 +++++++++++++++++
drivers/usb/core/hcd.c | 2 +-
2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig
index 351ede4b5de2..f337aaea7604 100644
--- a/drivers/usb/core/Kconfig
+++ b/drivers/usb/core/Kconfig
@@ -116,3 +116,20 @@ config USB_AUTOSUSPEND_DELAY
The default value Linux has always had is 2 seconds. Change
this value if you want a different delay and cannot modify
the command line or module parameter.
+
+config USB_DEFAULT_AUTHORIZATION_MODE
+ int "Default authorization mode for USB devices"
+ range 0 2
+ default 1
+ depends on USB
+ help
+ Select the default USB device authorization mode. Can be overridden
+ with usbcore.authorized_default command line or module parameter.
+
+ The available values have the following meanings:
+ 0 is unauthorized for all devices
+ 1 is authorized for all devices (default)
+ 2 is authorized for internal devices
+
+ If the default value is too permissive but you are unsure which mode
+ to use, say 2.
diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c
index 9aa5e6bf9b9d..d56597dc7d42 100644
--- a/drivers/usb/core/hcd.c
+++ b/drivers/usb/core/hcd.c
@@ -357,7 +357,7 @@ static const u8 ss_rh_config_descriptor[] = {
#define USB_AUTHORIZE_ALL 1
#define USB_AUTHORIZE_INTERNAL 2
-static int authorized_default = USB_AUTHORIZE_ALL;
+static int authorized_default = CONFIG_USB_DEFAULT_AUTHORIZATION_MODE;
module_param(authorized_default, int, S_IRUGO|S_IWUSR);
MODULE_PARM_DESC(authorized_default,
"Default USB device authorization: 0 is not authorized, 1 is authorized (default), 2 is authorized for internal devices, -1 is authorized (same as 1)");
--
2.39.2
