From: Niko Mauno Date: Fri, 5 Jan 2024 11:49:56 +0000 (+0200) Subject: usb: core: Make default authorization mode configurable X-Git-Url: http://git.maquefel.me/?a=commitdiff_plain;h=bec7e43b162c58798e6dc30d8e70d1e2318aaf2d;p=linux.git usb: core: Make default authorization mode configurable Make the default USB device authorization mode configurable at build time. This is useful for systems that require a mode that is stricter than the standard setting, as it avoids relying on the kernel command line being properly set. Signed-off-by: Niko Mauno Link: https://lore.kernel.org/r/20240105114956.30714-2-niko.mauno@vaisala.com Signed-off-by: Greg Kroah-Hartman --- diff --git a/drivers/usb/core/Kconfig b/drivers/usb/core/Kconfig index 351ede4b5de20..f337aaea76042 100644 --- a/drivers/usb/core/Kconfig +++ b/drivers/usb/core/Kconfig @@ -116,3 +116,20 @@ config USB_AUTOSUSPEND_DELAY The default value Linux has always had is 2 seconds. Change this value if you want a different delay and cannot modify the command line or module parameter. + +config USB_DEFAULT_AUTHORIZATION_MODE + int "Default authorization mode for USB devices" + range 0 2 + default 1 + depends on USB + help + Select the default USB device authorization mode. Can be overridden + with usbcore.authorized_default command line or module parameter. + + The available values have the following meanings: + 0 is unauthorized for all devices + 1 is authorized for all devices (default) + 2 is authorized for internal devices + + If the default value is too permissive but you are unsure which mode + to use, say 2. diff --git a/drivers/usb/core/hcd.c b/drivers/usb/core/hcd.c index 9aa5e6bf9b9d9..d56597dc7d422 100644 --- a/drivers/usb/core/hcd.c +++ b/drivers/usb/core/hcd.c @@ -357,7 +357,7 @@ static const u8 ss_rh_config_descriptor[] = { #define USB_AUTHORIZE_ALL 1 #define USB_AUTHORIZE_INTERNAL 2 -static int authorized_default = USB_AUTHORIZE_ALL; +static int authorized_default = CONFIG_USB_DEFAULT_AUTHORIZATION_MODE; module_param(authorized_default, int, S_IRUGO|S_IWUSR); MODULE_PARM_DESC(authorized_default, "Default USB device authorization: 0 is not authorized, 1 is authorized (default), 2 is authorized for internal devices, -1 is authorized (same as 1)");