usbguard icon indicating copy to clipboard operation
usbguard copied to clipboard
verified publisher icon USBGuard

Blocks usb_modeswitch operation

Open intrigeri opened this issue 9 years ago • 7 comments

Hi!

I initially thought I got my rules wrong, but even with ImplicitPolicyTarget=allow and an empty ruleset, usbguard 0.6.2 prevents usb_modeswitch from doing its job: my 3G USB stick remains in its initial mode (as plugged) and is never switched to modem mode.

Am I doing something wrong?

Cheers!

intrigeri avatar Jan 21 '17 18:01 intrigeri

Hi! Could you please run the daemon with debugging enabled and attach the logs? You can enable debugging by adding the -d option to command-line arguments when starting the daemon. Something like:

# usbguard-daemon -d -k -c /etc/usbguard/usbguard-daemon.conf

dkopecek avatar Jan 23 '17 12:01 dkopecek

Could you please run the daemon with debugging enabled and attach the logs?

Sure. I've redacted the logs a bit though, because I'd rather not leak all my devices serial numbers etc. here.

With usbguard running:

Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (D) LinuxDeviceManager.cpp@328/thread: UDev read event.
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) LinuxDeviceManager.cpp@480/processDeviceRemoval: dev=0x7f120c02a2f0
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) DeviceManagerPrivate.cpp@58/removeDevice: entry: id=15
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) DeviceManagerPrivate.cpp@66/removeDevice: return: device_ptr=0x7f120c01dfc0
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) DeviceManagerPrivate.cpp@96/DeviceEvent: event=Removedevice_ptr=0x7f120c01dfc0
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) Daemon.cpp@372/dmHookDeviceEvent: event=Remove device_ptr=0x7f120c01dfc0
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) DevicePrivate.cpp@69/getDeviceRule: entry:  with_port=1 with_parent_hash=1 match_rule=0
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) DeviceManagerPrivate.cpp@84/getDevice: id=13
Feb 07 13:55:08 localhost usbguard-daemon[396]: [1486472108.711] (T) DevicePrivate.cpp@110/getDeviceRule: return: device_rule=allow id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50
Feb 07 13:55:16 localhost kernel: usb 1-4: new high-speed USB device number 27 using xhci_hcd
Feb 07 13:55:16 localhost kernel: usb 1-4: New USB device found, idVendor=2357, idProduct=f000
Feb 07 13:55:16 localhost kernel: usb 1-4: New USB device strings: Mfr=3, Product=2, SerialNumber=4
Feb 07 13:55:16 localhost kernel: usb 1-4: Product: REDACTED Modem
Feb 07 13:55:16 localhost kernel: usb 1-4: Manufacturer: REDACTED, Incorporated
Feb 07 13:55:16 localhost kernel: usb 1-4: SerialNumber: SERIAL_DELETED
Feb 07 13:55:16 localhost kernel: usb 1-4: Device is not authorized for usage
Feb 07 13:55:16 localhost systemd[1]: Starting USB_ModeSwitch_1-4...
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (D) LinuxDeviceManager.cpp@328/thread: UDev read event.
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DeviceManagerPrivate.cpp@48/insertDevice: device_ptr=0x7f120c016080
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (D) DeviceManagerPrivate.cpp@51/insertDevice: id=21
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DeviceManagerPrivate.cpp@96/DeviceEvent: event=Insertdevice_ptr=0x7f120c016080
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) Daemon.cpp@372/dmHookDeviceEvent: event=Insert device_ptr=0x7f120c016080
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DevicePrivate.cpp@69/getDeviceRule: entry:  with_port=1 with_parent_hash=1 match_rule=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DeviceManagerPrivate.cpp@84/getDevice: id=13
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DevicePrivate.cpp@110/getDeviceRule: return: device_rule=block id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) Daemon.cpp@442/getDevicePolicyRule: device_ptr=0x7f120c016080
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DevicePrivate.cpp@69/getDeviceRule: entry:  with_port=1 with_parent_hash=1 match_rule=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DeviceManagerPrivate.cpp@84/getDevice: id=13
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) DevicePrivate.cpp@110/getDeviceRule: return: device_rule=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 03f0:5607 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 0424:2134 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 0424:5534 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 058f:9540 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
Feb 07 13:55:16 localhost systemd[1]: Started USB_ModeSwitch_1-4.
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 1d6b:0002 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.504] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 1d6b:0002 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost kernel: scsi host2: usb-storage 1-4:1.0
Feb 07 13:55:16 localhost kernel: usb 1-4: authorized to connect
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 1d6b:0003 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=id 2357:9000 target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@124/appliesTo: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@132/appliesToWithConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_updates=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@105/appliesTo: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 parent_insensitive=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=id VENDOR_ID:PRODUCT_ID target=id VENDOR_ID:PRODUCT_ID
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=serial target=serial "SERIAL_DELETED"
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@187/appliesTo: empty source value, setting applies=true
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=name target=name "REDACTED Modem"
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@187/appliesTo: empty source value, setting applies=true
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=hash target=hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI="
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@187/appliesTo: empty source value, setting applies=true
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" target=parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o="
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@191/appliesTo: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=via-port target=via-port "1-4"
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@187/appliesTo: empty source value, setting applies=true
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@179/appliesTo: entry: source=with-interface target=with-interface 08:06:50
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@187/appliesTo: empty source value, setting applies=true
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@214/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@124/appliesTo: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@153/meetsConditions: entry: rhs=match id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50 with_update=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@216/updateConditionsState: current=0 updated=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@229/updateConditionsState: return: retval=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (D) RulePrivate.cpp@161/meetsConditions: set_operator=equals
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@182/meetsConditions: return: meets_conditions=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) RulePrivate.cpp@145/appliesToWithConditions: return: applies=1
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) Daemon.cpp@406/dmApplyDevicePolicy: device_ptr=0x7f120c016080 matched_rule_ptr=0x55949e160f80
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.505] (T) DeviceManagerPrivate.cpp@84/getDevice: id=21
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.512] (D) Daemon.cpp@418/dmApplyDevicePolicy: Device target changed: old=block new=allow
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.512] (T) DevicePrivate.cpp@69/getDeviceRule: entry:  with_port=1 with_parent_hash=1 match_rule=0
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.512] (T) DeviceManagerPrivate.cpp@84/getDevice: id=13
Feb 07 13:55:16 localhost usbguard-daemon[396]: [1486472116.512] (T) DevicePrivate.cpp@110/getDeviceRule: return: device_rule=allow id VENDOR_ID:PRODUCT_ID serial "SERIAL_DELETED" name "REDACTED Modem" hash "koHgyPbLUkSoQUbzt6jSMpwxldSkW1TtWU1IGShQYTI=" parent-hash "Miigb8mx72Z0q6L+YMai0mDZSlYC8qiSMctoUjByF2o=" via-port "1-4" with-interface 08:06:50
Feb 07 13:55:17 localhost kernel: scsi 2:0:0:0: CD-ROM            REDACTED  MMC Storage      2.31 PQ: 0 ANSI: 2
Feb 07 13:55:17 localhost kernel: scsi 2:0:0:1: Direct-Access     REDACTED  MMC Storage      2.31 PQ: 0 ANSI: 2
Feb 07 13:55:17 localhost kernel: sr 2:0:0:0: [sr0] scsi-1 drive
Feb 07 13:55:17 localhost kernel: sr 2:0:0:0: Attached scsi CD-ROM sr0
Feb 07 13:55:17 localhost kernel: sr 2:0:0:0: Attached scsi generic sg1 type 5
Feb 07 13:55:17 localhost kernel: sd 2:0:0:1: Attached scsi generic sg2 type 0
Feb 07 13:55:17 localhost kernel: sd 2:0:0:1: [sdb] Attached SCSI removable disk

… and lsusb shows the initial VENDOR_ID:PRODUCT_ID, instead of the one I would expect if usb_modeswitch had been able to do its job.

And with usbguard stopped:

Feb 07 14:05:12 localhost kernel: usb 1-4: new high-speed USB device number 28 using xhci_hcd
Feb 07 14:05:12 localhost kernel: usb 1-4: New USB device found, idVendor=VENDOR_ID, idProduct=PRODUCT_ID
Feb 07 14:05:12 localhost kernel: usb 1-4: New USB device strings: Mfr=3, Product=2, SerialNumber=4
Feb 07 14:05:12 localhost kernel: usb 1-4: Product: REDACTED HSPA+ Modem
Feb 07 14:05:12 localhost kernel: usb 1-4: Manufacturer: REDACTED, Incorporated
Feb 07 14:05:12 localhost kernel: usb 1-4: SerialNumber: SERIAL_DELETED
Feb 07 14:05:12 localhost mtp-probe[1199]: checking bus 1, device 28: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-4"
Feb 07 14:05:12 localhost mtp-probe[1199]: bus: 1, device: 28 was not an MTP device
Feb 07 14:05:12 localhost kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
Feb 07 14:05:12 localhost kernel: scsi host2: usb-storage 1-4:1.0
Feb 07 14:05:12 localhost systemd[1]: Starting USB_ModeSwitch_1-4...
Feb 07 14:05:13 localhost usb_modeswitch[1221]: switch device VENDOR_ID:PRODUCT_ID on 001/028
Feb 07 14:05:13 localhost kernel: usb 1-4: USB disconnect, device number 28
Feb 07 14:05:13 localhost kernel: usb 1-4: new high-speed USB device number 29 using xhci_hcd
Feb 07 14:05:13 localhost kernel: usb 1-4: New USB device found, idVendor=VENDOR_ID, idProduct=NEW_PRODUCT_ID
Feb 07 14:05:13 localhost kernel: usb 1-4: New USB device strings: Mfr=3, Product=2, SerialNumber=4
Feb 07 14:05:13 localhost kernel: usb 1-4: Product: REDACTED HSPA+ Modem
Feb 07 14:05:13 localhost kernel: usb 1-4: Manufacturer: REDACTED, Incorporated
Feb 07 14:05:13 localhost kernel: usb 1-4: SerialNumber: SERIAL_DELETED
Feb 07 14:05:13 localhost mtp-probe[1229]: checking bus 1, device 29: "/sys/devices/pci0000:00/0000:00:14.0/usb1/1-4"
Feb 07 14:05:13 localhost kernel: option 1-4:1.0: GSM modem (1-port) converter detected
Feb 07 14:05:13 localhost kernel: usb 1-4: GSM modem (1-port) converter now attached to ttyUSB0
Feb 07 14:05:13 localhost kernel: option 1-4:1.1: GSM modem (1-port) converter detected
Feb 07 14:05:13 localhost kernel: usb 1-4: GSM modem (1-port) converter now attached to ttyUSB1
Feb 07 14:05:13 localhost kernel: usb-storage 1-4:1.2: USB Mass Storage device detected
Feb 07 14:05:13 localhost kernel: scsi host2: usb-storage 1-4:1.2
Feb 07 14:05:13 localhost kernel: option 1-4:1.3: GSM modem (1-port) converter detected
Feb 07 14:05:13 localhost kernel: usb 1-4: GSM modem (1-port) converter now attached to ttyUSB2
Feb 07 14:05:13 localhost mtp-probe[1229]: bus: 1, device: 29 was not an MTP device
Feb 07 14:05:14 localhost root[1254]: usb_modeswitch: switched to VENDOR_ID:NEW_PRODUCT_ID on 001/029
Feb 07 14:05:14 localhost kernel: scsi 2:0:0:0: CD-ROM            REDACTED  MMC Storage      2.31 PQ: 0 ANSI: 2
Feb 07 14:05:14 localhost kernel: scsi 2:0:0:1: Direct-Access     REDACTED  MMC Storage      2.31 PQ: 0 ANSI: 2
Feb 07 14:05:14 localhost kernel: sr 2:0:0:0: [sr0] scsi-1 drive
Feb 07 14:05:14 localhost kernel: sr 2:0:0:0: Attached scsi CD-ROM sr0
Feb 07 14:05:14 localhost kernel: sr 2:0:0:0: Attached scsi generic sg1 type 5
Feb 07 14:05:14 localhost kernel: sd 2:0:0:1: Attached scsi generic sg2 type 0
Feb 07 14:05:14 localhost kernel: sd 2:0:0:1: [sdb] Attached SCSI removable disk
Feb 07 14:05:14 localhost systemd[1]: Started USB_ModeSwitch_1-4.
[...]
Feb 07 14:05:45 localhost ModemManager[1194]:   Creating modem with plugin 'Generic' and '3' ports

intrigeri avatar Feb 07 '17 13:02 intrigeri

I'm guessing this is not an USBGuard bug, but a result of how the usb_modeswitch udev rules are written – they trigger as soon as the usb_device appears and blindly assume that all child usb_interface will be ready immediately.

But in your case, usb_modeswitch finds no interfaces, is unable to do anything and exits. When USBGuard finally authorizes the device, the child usb_interface shows up but there's no udev rule to react on it.

Your (/usr)/lib/udev/rules.d/40-usb_modeswitch.rules has lines like this:

ATTR{idVendor}=="2357", ATTR{idProduct}=="f000", RUN+="usb_modeswitch '/%k'"

Try adding a new ruleset /etc/udev/rules.d/41-modeswitch-harder.rules with:

ACTION!="add", GOTO="41_modeswitch_rules_end"
SUBSYSTEM!="usb", GOTO="41_modeswitch_rules_end"

ATTR{idVendor}=="2357", ATTR{idProduct}=="f000", ENV{modeswitch_dev}="%k"

ENV{DEVTYPE}=="usb_interface", IMPORT{parent}="modeswitch_dev"
ENV{DEVTYPE}=="usb_interface", ENV{modeswitch_dev}=="?*", RUN+="usb_modeswitch '/%E{modeswitch_dev}'"

LABEL="41_modeswitch_rules_end"

Run udevadm control --reload after editing, then reconnect the device.

grawity avatar Jul 15 '17 11:07 grawity

@grawity Hi and thanks for helping with this! Do you think it would be a good idea for usbguard to provide (or even install) such a udev snippet to fix this situation?

dkopecek avatar Jan 22 '18 12:01 dkopecek

No, if it calls usb_modeswitch then it should remain part of usb_modeswitch. (You could say the existing rules installed by usb_modeswitch are buggy regardless of usbguard.)

The above snippet is meant as a local workaround, and as an example of how usb_modeswitch should fix its rules.

grawity avatar Jan 22 '18 12:01 grawity

has this been reported to the usb modeswitch folks yet?

muelli avatar Jan 29 '19 19:01 muelli

has this been reported to the usb modeswitch folks yet?

@muelli, at least I did not. I haven't access to the affected hardware anymore.

intrigeri avatar Mar 30 '19 14:03 intrigeri