USBGuard / usbguard

USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
https://usbguard.github.io/
GNU General Public License v2.0

Add lsusb "Device" field into usbguard outputs #271

Open jk-1 opened 5 years ago

jk-1 commented 5 years ago

This proposal is based on v0.7.2

I tried to compare usbguard output with lsusb output. See this example output for a Logitech M105 mouse:

lsusb -v

Bus 003 Device 012: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0         8
  idVendor           0x046d Logitech, Inc.
  idProduct          0xc077 M105 Optical Mouse
  bcdDevice           72.00
  iManufacturer           1 
  iProduct                2 
  iSerial                 0 
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           34
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0 
    bmAttributes         0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower              100mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      2 Mouse
      iInterface              0 
        HID Device Descriptor:
          bLength                 9
          bDescriptorType        33
          bcdHID               1.11
          bCountryCode            0 Not supported
          bNumDescriptors         1
          bDescriptorType        34 Report
          wDescriptorLength      46
         Report Descriptors: 
           ** UNAVAILABLE **
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0004  1x 4 bytes
        bInterval              10

lsusb -t

/:  Bus 03.
    |__ Port 5: Dev 12, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M

sudo usbguard list-devices 

41: allow id 046d:c077 serial "" name "USB Optical Mouse" hash "+9K1mAfPrF0JZCRKJGoCd9W+hJCPH+fsSu/S+HMvtQk=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-5" with-interface 03:01:02

It is not possible (at least easily) to map device info by combining usbguard output with lsusb output. The usbguard hash is proprietary, the id xxx:yyy is not necessarily unique, the name is not necessarily unique, and in this case the usbguard name and lsusb idProduct values do not match for some reason. If I parse lsusb -t and lsusb -v I can get the bus-port, i.e. "3-5" in this case.

Further development proposal:

Add the lsusb command's "Device" field into usbguard outputs, at least into the usbguard list-devices command, maybe also into usbguard generate-policy if applicable.

tweksteen commented 5 years ago

As you mentioned, the pair (bus, port) is available in both tools and can be used to match the entries. This is more stable than relying on the arbitrarily assigned device id by the kernel. I don't think it would make sense to have this parameter as part of the rules (because of its volatility).
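
The (bus, port) matching discussed in this thread, as an added example that is not part of the issue or of the USBGuard project: it joins `usbguard list-devices` entries to `lsusb -t` entries on `via-port` and reports the lsusb Device number. It goes beyond the single mouse in the issue by handling devices behind hubs, assuming the kernel's `bus-port.port` naming and 4 spaces of `lsusb -t` indentation per hub level; the function names and the constructed sample lines are hypothetical.

```python
import re

# lsusb -t sample: the Bus 03 / Port 5 lines are from the issue; the hub on
# Port 6 and the device behind it are constructed to show nesting.
LSUSB_T = """\
/:  Bus 03.
    |__ Port 5: Dev 12, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
    |__ Port 6: Dev 7, If 0, Class=Hub, Driver=hub/4p, 480M
        |__ Port 2: Dev 9, If 0, Class=Mass Storage, Driver=usb-storage, 480M
"""
# usbguard list-devices sample: device 41 is from the issue (hashes replaced
# by a placeholder); device 42 is constructed.
USBGUARD_LIST = """\
41: allow id 046d:c077 serial "" name "USB Optical Mouse" hash "<hash>" parent-hash "<hash>" via-port "3-5" with-interface 03:01:02
42: block id 1234:5678 serial "" name "Constructed Disk" hash "<hash>" parent-hash "<hash>" via-port "3-6.2" with-interface 08:06:50
"""

def lsusb_ports(tree_text):
    """Map kernel port names ("3-5", "3-6.2") to (bus, lsusb Device number)."""
    ports, bus, path = {}, None, []
    for line in tree_text.splitlines():
        root = re.match(r"/:\s+Bus (\d+)", line)
        if root:
            bus, path = int(root.group(1)), []
            continue
        node = re.match(r"( *)\|__ Port (\d+): Dev (\d+),", line)
        if node and bus is not None:
            depth = len(node.group(1)) // 4  # assumption: 4 spaces per hub level
            path = path[:depth - 1] + [str(int(node.group(2)))]
            ports[f"{bus}-{'.'.join(path)}"] = (bus, int(node.group(3)))
    return ports

def correlate(list_text, tree_text):
    """Attach the lsusb bus/Device number to each usbguard list-devices entry."""
    ports = lsusb_ports(tree_text)
    rows = []
    pattern = r'^(\d+): (\w+) id (\S+) .*?via-port "([^"]+)"'
    for m in re.finditer(pattern, list_text, re.M):
        # Entries with no lsusb match (e.g. unplugged in between) get None.
        bus, dev = ports.get(m.group(4), (None, None))
        rows.append({"usbguard_no": int(m.group(1)), "target": m.group(2),
                     "id": m.group(3), "via_port": m.group(4),
                     "bus": bus, "lsusb_device": dev})
    return rows

if __name__ == "__main__":
    for row in correlate(USBGUARD_LIST, LSUSB_T):
        print(row)
```

Both command outputs should be captured back to back, since the Device number changes whenever a device is re-enumerated.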