
Add lsusb "Device" field into usbguard outputs

Open jk-1 opened this issue 6 years ago • 1 comments

This proposal is based on v0.7.2

I tried to compare usbguard output with lsusb output. See this example output about Logitech M105 mouse:

lsusb -v

Bus 003 Device 012: ID 046d:c077 Logitech, Inc. M105 Optical Mouse
Device Descriptor:
  bLength                18
  bDescriptorType         1
  bcdUSB               2.00
  bDeviceClass            0 (Defined at Interface level)
  bDeviceSubClass         0 
  bDeviceProtocol         0 
  bMaxPacketSize0         8
  idVendor           0x046d Logitech, Inc.
  idProduct          0xc077 M105 Optical Mouse
  bcdDevice           72.00
  iManufacturer           1 
  iProduct                2 
  iSerial                 0 
  bNumConfigurations      1
  Configuration Descriptor:
    bLength                 9
    bDescriptorType         2
    wTotalLength           34
    bNumInterfaces          1
    bConfigurationValue     1
    iConfiguration          0 
    bmAttributes         0xa0
      (Bus Powered)
      Remote Wakeup
    MaxPower              100mA
    Interface Descriptor:
      bLength                 9
      bDescriptorType         4
      bInterfaceNumber        0
      bAlternateSetting       0
      bNumEndpoints           1
      bInterfaceClass         3 Human Interface Device
      bInterfaceSubClass      1 Boot Interface Subclass
      bInterfaceProtocol      2 Mouse
      iInterface              0 
        HID Device Descriptor:
          bLength                 9
          bDescriptorType        33
          bcdHID               1.11
          bCountryCode            0 Not supported
          bNumDescriptors         1
          bDescriptorType        34 Report
          wDescriptorLength      46
         Report Descriptors: 
           ** UNAVAILABLE **
      Endpoint Descriptor:
        bLength                 7
        bDescriptorType         5
        bEndpointAddress     0x81  EP 1 IN
        bmAttributes            3
          Transfer Type            Interrupt
          Synch Type               None
          Usage Type               Data
        wMaxPacketSize     0x0004  1x 4 bytes
        bInterval              10



lsusb -t

/:  Bus 03.
    |__ Port 5: Dev 12, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M



sudo usbguard list-devices 

41: allow id 046d:c077 serial "" name "USB Optical Mouse" hash "+9K1mAfPrF0JZCRKJGoCd9W+hJCPH+fsSu/S+HMvtQk=" parent-hash "jEP/6WzviqdJ5VSeTUY8PatCNBKeaREvo2OqdplND/o=" via-port "3-5" with-interface 03:01:02

It is not possible (at least easily) to map device info by combining usbguard output to lsusb output. usbguard hash is proprietary, id xxx:yyy is not necessarily unique, name is not necessarily unique and in this case usbguard name and lsusb idProduct values do not match for some reason. If I parse lsusb -t and lsusb -v I can get bus-port, i.e. "3-5" in this case.

Further development proposal:

Add lsusb command's "Device" field into usbguard outputs, at least into the usbguard list-devices command, maybe also into usbguard generate-policy if applicable.

jk-1 avatar Jan 06 '19 20:01 jk-1

As you mentioned, the pair (bus, port) is available in both tools and can be used to match the entries. This is more stable than relying on the arbitrarily assigned device id by the kernel. I don't think it would make sense to have this parameter as part of the rules (because of its volatility).

tweksteen avatar Jul 15 '19 12:07 tweksteen
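
The (bus, port) join suggested in the reply above, as an added example that is not part of the original thread or of USBGuard: it rebuilds the port path from `lsusb -t` and matches it against `via-port` in `usbguard list-devices`, so each rule can be read next to its current `Bus NNN Device NNN`. The function names, the sample input and the 4-spaces-per-level indentation of `lsusb -t` are assumptions.

```python
import re

# Constructed sample input modelled on the issue's output; the hub (Dev 7) and
# the device behind it (Dev 13, id 1234:5678) are invented to show nesting.
LSUSB_T = """\
/:  Bus 03.Port 1: Dev 1, Class=root_hub, Driver=xhci_hcd/4p, 480M
    |__ Port 2: Dev 7, If 0, Class=Hub, Driver=hub/4p, 480M
        |__ Port 1: Dev 13, If 0, Class=Mass Storage, Driver=usb-storage, 480M
    |__ Port 5: Dev 12, If 0, Class=Human Interface Device, Driver=usbhid, 1.5M
"""
USBGUARD_LIST = '''\
41: allow id 046d:c077 serial "" name "USB Optical Mouse" hash "<hash>" parent-hash "<hash>" via-port "3-5" with-interface 03:01:02
42: block id 1234:5678 serial "" name "<name>" hash "<hash>" parent-hash "<hash>" via-port "3-2.1" with-interface 08:06:50
'''

BUS_RE = re.compile(r"^/:\s+Bus (\d+)\.")
PORT_RE = re.compile(r"^(\s*)\|__ Port (\d+): Dev (\d+),")
RULE_RE = re.compile(r'^(\d+): (\w+) id (\S+) .*?via-port "([^"]*)"')

def lsusb_tree_devices(text):
    """Map port path ('3-5', '3-2.1') -> (bus, kernel device number)."""
    devices, bus, stack = {}, None, []
    for line in text.splitlines():
        m = BUS_RE.match(line)
        if m:
            bus, stack = int(m.group(1)), []   # new root hub: reset the port path
            continue
        m = PORT_RE.match(line)
        if m and bus is not None:
            depth = len(m.group(1)) // 4       # assumption: 4 spaces per hub level
            stack = stack[:depth - 1] + [int(m.group(2))]
            path = f"{bus}-" + ".".join(map(str, stack))
            devices[path] = (bus, int(m.group(3)))  # repeated "If n" lines collapse
    return devices

def join_on_port(lsusb_t, usbguard_list):
    """Return (rule number, target, id, via-port, lsusb 'Bus/Device' label) rows."""
    tree = lsusb_tree_devices(lsusb_t)
    rows = []
    for line in usbguard_list.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        num, target, usb_id, port = m.groups()
        bus_dev = tree.get(port)               # None for root hubs or unplugged devices
        label = "Bus %03d Device %03d" % bus_dev if bus_dev else None
        rows.append((int(num), target, usb_id, port, label))
    return rows
```

The label is only valid for the current enumeration: the kernel assigns a new device number on every replug, which is why it is joined at audit time rather than stored in a rule.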