I'm trying to create simple udev rules to block all devices but mass storage being connected on a specific port (Raspberry Pi 4).
I came up with the following rules:
Allowing USB drives:
KERNEL=="sd?", ENV{DEVTYPE}=="disk", ATTRS{devpath}=="1.3", SYMLINK+="USBInputDISK", ATTR{authorized}:="1"
KERNEL=="sd??", ENV{DEVTYPE}=="partition", ATTRS{devpath}=="1.3", SYMLINK+="USBInputPARTITION", ATTR{authorized}:="1"
Blocking everything else:
ENV{DEVTYPE}!="disk", ENV{DEVTYPE}!="partition", ATTRS{devpath}=="1.3", SYMLINK+="BadUSBInput", ATTR{authorized}:="0"
The only issue with this is that the blocking rule takes over the allowing one as it will block "/dev/bus/usb/001/***". Therefore, I'm trying to avoid this. My idea is to add a test in the udev rule on the N: flag.
This is because when I run:
udevadm info -q all /dev/bus/usb/001/016
I get a line that states N: bus/usb/001/016
So I would like to add a statement to the udev rule that states "N:"!="/bus/usb/001/*". I don't know how though and couldn't find the answer online.
I tried something with ENV{DEVNAME}!="/dev/bus/*", which does not work for some reason.
Any idea? Thanks!
Got it.
ATTRS{devpath}=="1.3", KERNEL=="hid*", RUN+="/bin/bash -c 'echo 0 > /sys/bus/usb/devices/1-1.3/authorized'"
This is a working way to block inputs (keyboards, mice, rubber duckies) on a com port while allowing mass storage USB thumb drives.
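As an added example (not the answer's own rule, and not tested on the asker's board), the same port-level policy can be expressed as a single rules file that decides by USB interface class instead of by kernel name, so a composite gadget that presents a HID interface alongside a storage interface still has its HID side cut off. It assumes a kernel with per-interface authorization (the `authorized` attribute on `usb_interface` devices, present since Linux 4.4), that the physical port of interest has sysfs `devpath` 1.3 as in the question, and that `/usr/bin/logger` exists; the file name is a placeholder.

```udev
# /etc/udev/rules.d/90-usb-port-1.3.rules   (placeholder file name)
#
# Only interfaces under the physical port with devpath 1.3 are handled here.
# ATTRS{devpath} walks up from the interface (1-1.3:1.0) to the usb_device
# parent (1-1.3), which is where the "devpath" attribute lives; a hub plugged
# into that port is reached the same way, so its children are covered too.
ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_interface", ATTRS{devpath}=="1.3", GOTO="port13"
GOTO="port13_end"

LABEL="port13"
# Mass-storage interfaces (bInterfaceClass 08) keep the kernel default of
# authorized=1, so sd* devices and partitions appear as usual.
ATTR{bInterfaceClass}=="08", GOTO="port13_end"

# Anything else on this port (HID 03, CDC/serial 02, vendor-specific ff, ...)
# is deauthorized on the interface itself; the kernel unbinds its driver,
# so no hard-coded /sys/bus/usb/devices/1-1.3/authorized path is needed.
ATTR{authorized}="0", RUN+="/usr/bin/logger -t usb-port-guard deauthorized interface %p (class $attr{bInterfaceClass}) on port 1.3"
LABEL="port13_end"
```

After dropping the file in place, run `udevadm control --reload-rules`, then dry-run the rule against an already plugged-in interface with `udevadm test /sys/bus/usb/devices/1-1.3:1.0` to confirm which branch it takes; `udevadm info -a -p /sys/bus/usb/devices/1-1.3` lists the attribute values the match keys see. The `logger` line gives a journal entry per blocked interface, which is the part a defender wants to alert on, since an unexpected non-storage interface on a locked-down port is exactly the BadUSB case the question is about.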