filter: simplify CDC_WDM rule to a subsystem-only USBMISC check
This is not just a rename of the rule: we now also avoid doing an explicit check on the port name and rely on subsystem checks only, i.e. the same logic applied for net ports. The port candidate rules already do a 'cdc-wdm*' device name check, so it shouldn't be a big deal.
@@ -159,10 +159,10 @@ $ sudo udevadm trigger
|
|||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
<listitem>
|
<listitem>
|
||||||
<para><emphasis>MM_FILTER_RULE_CDC_WDM</emphasis></para>
|
<para><emphasis>MM_FILTER_RULE_USBMISC</emphasis></para>
|
||||||
<para>
|
<para>
|
||||||
This filter will automatically flag as allowed all cdc-wdm ports exposed by
|
This filter will automatically flag as allowed all cdc-wdm ports exposed in the
|
||||||
devices. Unless there is a will to explicitly forbid the cdc-wdm ports exposed
|
usbmisc subsystem. Unless there is a will to explicitly forbid the cdc-wdm ports exposed
|
||||||
by qmi_wwan, cdc_mbim or huawei-cdc-ncm kernel drivers, this filter should always
|
by qmi_wwan, cdc_mbim or huawei-cdc-ncm kernel drivers, this filter should always
|
||||||
be enabled.
|
be enabled.
|
||||||
</para>
|
</para>
|
||||||
@@ -254,7 +254,7 @@ $ sudo udevadm trigger
|
|||||||
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
|
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
|
||||||
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
|
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
|
||||||
<listitem>MM_FILTER_RULE_NET</listitem>
|
<listitem>MM_FILTER_RULE_NET</listitem>
|
||||||
<listitem>MM_FILTER_RULE_CDC_WDM</listitem>
|
<listitem>MM_FILTER_RULE_USBMISC</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY</listitem>
|
<listitem>MM_FILTER_RULE_TTY</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY_BLACKLIST</listitem>
|
<listitem>MM_FILTER_RULE_TTY_BLACKLIST</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY</listitem>
|
<listitem>MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY</listitem>
|
||||||
@@ -280,7 +280,7 @@ $ sudo udevadm trigger
|
|||||||
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
|
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
|
||||||
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
|
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
|
||||||
<listitem>MM_FILTER_RULE_NET</listitem>
|
<listitem>MM_FILTER_RULE_NET</listitem>
|
||||||
<listitem>MM_FILTER_RULE_CDC_WDM</listitem>
|
<listitem>MM_FILTER_RULE_USBMISC</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY</listitem>
|
<listitem>MM_FILTER_RULE_TTY</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY_PLATFORM_DRIVER</listitem>
|
<listitem>MM_FILTER_RULE_TTY_PLATFORM_DRIVER</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY_DRIVER</listitem>
|
<listitem>MM_FILTER_RULE_TTY_DRIVER</listitem>
|
||||||
@@ -307,7 +307,7 @@ $ sudo udevadm trigger
|
|||||||
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
|
<listitem>MM_FILTER_RULE_EXPLICIT_BLACKLIST</listitem>
|
||||||
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
|
<listitem>MM_FILTER_RULE_VIRTUAL</listitem>
|
||||||
<listitem>MM_FILTER_RULE_NET</listitem>
|
<listitem>MM_FILTER_RULE_NET</listitem>
|
||||||
<listitem>MM_FILTER_RULE_CDC_WDM</listitem>
|
<listitem>MM_FILTER_RULE_USBMISC</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY</listitem>
|
<listitem>MM_FILTER_RULE_TTY</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY_BLACKLIST</listitem>
|
<listitem>MM_FILTER_RULE_TTY_BLACKLIST</listitem>
|
||||||
<listitem>MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY</listitem>
|
<listitem>MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY</listitem>
|
||||||
@@ -339,7 +339,7 @@ $ sudo udevadm trigger
|
|||||||
net and cdc-wdm ports forbidden completely:
|
net and cdc-wdm ports forbidden completely:
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# MM_FILTER_RULE_NET=0 \
|
# MM_FILTER_RULE_NET=0 \
|
||||||
MM_FILTER_RULE_CDC_WDM=0 \
|
MM_FILTER_RULE_USBMISC=0 \
|
||||||
/usr/sbin/ModemManager --filter-policy=DEFAULT</programlisting>
|
/usr/sbin/ModemManager --filter-policy=DEFAULT</programlisting>
|
||||||
</para>
|
</para>
|
||||||
<para>
|
<para>
|
||||||
@@ -348,7 +348,7 @@ $ sudo udevadm trigger
|
|||||||
net ports (e.g. 'lo') are also being allowed.
|
net ports (e.g. 'lo') are also being allowed.
|
||||||
<programlisting>
|
<programlisting>
|
||||||
# MM_FILTER_RULE_NET=1 \
|
# MM_FILTER_RULE_NET=1 \
|
||||||
MM_FILTER_RULE_CDC_WDM=1 \
|
MM_FILTER_RULE_USBMISC=1 \
|
||||||
/usr/sbin/ModemManager --filter-policy=WHITELIST-ONLY</programlisting>
|
/usr/sbin/ModemManager --filter-policy=WHITELIST-ONLY</programlisting>
|
||||||
</para>
|
</para>
|
||||||
</listitem>
|
</listitem>
|
||||||
|
@@ -193,10 +193,9 @@ mm_filter_port (MMFilter *self,
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* If this is a cdc-wdm device, we always allow it */
|
/* If this is a cdc-wdm device, we always allow it */
|
||||||
if ((self->priv->enabled_rules & MM_FILTER_RULE_CDC_WDM) &&
|
if ((self->priv->enabled_rules & MM_FILTER_RULE_USBMISC) &&
|
||||||
(g_strcmp0 (subsystem, "usb") == 0 || g_strcmp0 (subsystem, "usbmisc") == 0) &&
|
(g_strcmp0 (subsystem, "usb") == 0 || g_strcmp0 (subsystem, "usbmisc") == 0)) {
|
||||||
(name && g_str_has_prefix (name, "cdc-wdm"))) {
|
mm_obj_dbg (self, "(%s/%s) port allowed: usbmisc device", subsystem, name);
|
||||||
mm_obj_dbg (self, "(%s/%s) port allowed: cdc-wdm device", subsystem, name);
|
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -449,7 +448,7 @@ mm_filter_new (MMFilterRule enabled_rules,
|
|||||||
mm_obj_dbg (self, " plugin whitelist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_PLUGIN_WHITELIST));
|
mm_obj_dbg (self, " plugin whitelist: %s", RULE_ENABLED_STR (MM_FILTER_RULE_PLUGIN_WHITELIST));
|
||||||
mm_obj_dbg (self, " virtual devices forbidden: %s", RULE_ENABLED_STR (MM_FILTER_RULE_VIRTUAL));
|
mm_obj_dbg (self, " virtual devices forbidden: %s", RULE_ENABLED_STR (MM_FILTER_RULE_VIRTUAL));
|
||||||
mm_obj_dbg (self, " net devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_NET));
|
mm_obj_dbg (self, " net devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_NET));
|
||||||
mm_obj_dbg (self, " cdc-wdm devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_CDC_WDM));
|
mm_obj_dbg (self, " usbmisc devices allowed: %s", RULE_ENABLED_STR (MM_FILTER_RULE_USBMISC));
|
||||||
if (self->priv->enabled_rules & MM_FILTER_RULE_TTY) {
|
if (self->priv->enabled_rules & MM_FILTER_RULE_TTY) {
|
||||||
mm_obj_dbg (self, " tty devices:");
|
mm_obj_dbg (self, " tty devices:");
|
||||||
mm_obj_dbg (self, " blacklist applied: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_BLACKLIST));
|
mm_obj_dbg (self, " blacklist applied: %s", RULE_ENABLED_STR (MM_FILTER_RULE_TTY_BLACKLIST));
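Review bot: In the mm_filter_port hunk the condition now returns TRUE for every port whose subsystem is "usb" or "usbmisc", but the comment above it still reads `/* If this is a cdc-wdm device, we always allow it */`, and the rule name and log text say usbmisc while the test also accepts "usb". The comment should describe the new scope, for example `/* Any port in the usb/usbmisc subsystems is allowed; the cdc-wdm name match is left to the port candidate rules */`. Because this branch is an unconditional allow inside the port filter, it is worth confirming that no later rule in this function relied on the removed `g_str_has_prefix (name, "cdc-wdm")` test to keep other usbmisc nodes out, since that subsystem is not limited to cdc-wdm devices. If the environment override is matched by rule name, as the documentation examples suggest, an existing setup that passes `MM_FILTER_RULE_CDC_WDM=0` would presumably stop forbidding these ports after the rename, so a compatibility alias or a release note would help. The body of mm_filter_port starts and ends outside the hunk.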
|
||||||
|
@@ -52,7 +52,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
|
|||||||
MM_FILTER_RULE_PLUGIN_WHITELIST = 1 << 2,
|
MM_FILTER_RULE_PLUGIN_WHITELIST = 1 << 2,
|
||||||
MM_FILTER_RULE_VIRTUAL = 1 << 3,
|
MM_FILTER_RULE_VIRTUAL = 1 << 3,
|
||||||
MM_FILTER_RULE_NET = 1 << 4,
|
MM_FILTER_RULE_NET = 1 << 4,
|
||||||
MM_FILTER_RULE_CDC_WDM = 1 << 5,
|
MM_FILTER_RULE_USBMISC = 1 << 5,
|
||||||
MM_FILTER_RULE_TTY = 1 << 6,
|
MM_FILTER_RULE_TTY = 1 << 6,
|
||||||
MM_FILTER_RULE_TTY_BLACKLIST = 1 << 7,
|
MM_FILTER_RULE_TTY_BLACKLIST = 1 << 7,
|
||||||
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY = 1 << 8,
|
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY = 1 << 8,
|
||||||
@@ -70,7 +70,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
|
|||||||
MM_FILTER_RULE_PLUGIN_WHITELIST | \
|
MM_FILTER_RULE_PLUGIN_WHITELIST | \
|
||||||
MM_FILTER_RULE_VIRTUAL | \
|
MM_FILTER_RULE_VIRTUAL | \
|
||||||
MM_FILTER_RULE_NET | \
|
MM_FILTER_RULE_NET | \
|
||||||
MM_FILTER_RULE_CDC_WDM | \
|
MM_FILTER_RULE_USBMISC | \
|
||||||
MM_FILTER_RULE_TTY | \
|
MM_FILTER_RULE_TTY | \
|
||||||
MM_FILTER_RULE_TTY_BLACKLIST | \
|
MM_FILTER_RULE_TTY_BLACKLIST | \
|
||||||
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
|
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
|
||||||
@@ -88,7 +88,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
|
|||||||
MM_FILTER_RULE_EXPLICIT_BLACKLIST | \
|
MM_FILTER_RULE_EXPLICIT_BLACKLIST | \
|
||||||
MM_FILTER_RULE_VIRTUAL | \
|
MM_FILTER_RULE_VIRTUAL | \
|
||||||
MM_FILTER_RULE_NET | \
|
MM_FILTER_RULE_NET | \
|
||||||
MM_FILTER_RULE_CDC_WDM | \
|
MM_FILTER_RULE_USBMISC | \
|
||||||
MM_FILTER_RULE_TTY | \
|
MM_FILTER_RULE_TTY | \
|
||||||
MM_FILTER_RULE_TTY_BLACKLIST | \
|
MM_FILTER_RULE_TTY_BLACKLIST | \
|
||||||
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
|
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
|
||||||
@@ -103,7 +103,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
|
|||||||
MM_FILTER_RULE_PLUGIN_WHITELIST | \
|
MM_FILTER_RULE_PLUGIN_WHITELIST | \
|
||||||
MM_FILTER_RULE_VIRTUAL | \
|
MM_FILTER_RULE_VIRTUAL | \
|
||||||
MM_FILTER_RULE_NET | \
|
MM_FILTER_RULE_NET | \
|
||||||
MM_FILTER_RULE_CDC_WDM | \
|
MM_FILTER_RULE_USBMISC | \
|
||||||
MM_FILTER_RULE_TTY | \
|
MM_FILTER_RULE_TTY | \
|
||||||
MM_FILTER_RULE_TTY_PLATFORM_DRIVER | \
|
MM_FILTER_RULE_TTY_PLATFORM_DRIVER | \
|
||||||
MM_FILTER_RULE_TTY_DRIVER | \
|
MM_FILTER_RULE_TTY_DRIVER | \
|
||||||
@@ -119,7 +119,7 @@ typedef enum { /*< underscore_name=mm_filter_rule >*/
|
|||||||
MM_FILTER_RULE_PLUGIN_WHITELIST | \
|
MM_FILTER_RULE_PLUGIN_WHITELIST | \
|
||||||
MM_FILTER_RULE_VIRTUAL | \
|
MM_FILTER_RULE_VIRTUAL | \
|
||||||
MM_FILTER_RULE_NET | \
|
MM_FILTER_RULE_NET | \
|
||||||
MM_FILTER_RULE_CDC_WDM | \
|
MM_FILTER_RULE_USBMISC | \
|
||||||
MM_FILTER_RULE_TTY | \
|
MM_FILTER_RULE_TTY | \
|
||||||
MM_FILTER_RULE_TTY_BLACKLIST | \
|
MM_FILTER_RULE_TTY_BLACKLIST | \
|
||||||
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
|
MM_FILTER_RULE_TTY_MANUAL_SCAN_ONLY | \
|
||||||
|