Blocking USB HID in Linux

Question

I'm programming a kioks device and i want to block all usb devices expect 2 kind of usb.One is my touch screen hid usb and the other one is usb storage devices.Actually i tried write rules under udev.I tried this code:

ACTION=="add", SUBSYSTEM=="usb", DRIVERS=="usb", ATTR{authorized}="0"

But this one is blocking all usb devices.So i tried to add another rule to unblock specific device with product and vendor id.

ACTION=="add", SUBSYSTEM=="usb", DRIVERS=="usb", ATTR{idVendor}=="0eef", ATTR{idProduct}=="0005", ATTR{authorized}="1"

but this one is not working.

is there any another way to do this operation.

Answer 1

The problem with your approach is that it disables USB hub devices as well, and normally hub is part of the USB host controller internally. Therefore, after disabling all USB devices, you need to explicitly enable any hub devices and then the desired USB devices. This can be done as:

#By default, disable all usb devices (including hubs)
ACTION=="add", SUBSYSTEMS=="usb", RUN+="/bin/sh -c 'for host in /sys/bus/usb/devices/usb*; do echo 0 > $host/authorized_default; done'"

#Enable hub devices
ACTION=="add", ATTR{bDeviceClass}=="09", RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'"

#Enable desired USB devices by setting PID/VID
ACTION=="add", ATTR{idVendor}=="045e", ATTR{idProduct}=="07f8", RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'"
ACTION=="add", ATTR{idVendor}=="045e", ATTR{idProduct}=="0797", RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'"

For more info, follow these links: Setting authorized by running script , Setting authorized using ATTR