Dave Turner wrote on 02/09/16 20:12:
> On 02/09/16 01:38, Ralph Ronnquist wrote:
>> Ralph Ronnquist wrote on 01/09/16 08:51:
>>>
>>> My worry is that the OS_TYPE=255/255/255 condition is not distinct
>>> enough to make the action apply exactly and only for scanners. Comparing
>>> with udev rules, you'll find there are more than a few rules for USB
>>> devices, and almost all of them make their classification based on the
>>> vendor/product pair (rather than the capability declarations).
>>> ...
>>
>> I'm a little bit at a loss here, as I can't find anything in the vdev
>> tree dealing with, say, scanners or, say, mode switching USB devices.
>> Since those are major chunks in udev rules, I'm just confused. Have I
>> misunderstood?
>>
>> I find "scanner" mentioned in the hwdb, but there is no formal
>> classification of those other than identifying as usb (or pci);
>> nothing classifying them as scanners (unless you'd regard the model
>> label as such). I wish someone could explain things for me...
>>
>> Ralph.
>
> I loathe the 'feature' of udev that forces you to create or modify
> /etc/udev/rules.d/51-android to let your cheap'n'cheerful unlisted
> Android Device get through udev security. And now it seems that vdev is
> about to force the same thing. I know it isn't easy to completely
> re-think how things should be done. Do OSX and the BSDs have a different
> and better way of doing this sort of thing?
>
> I want to ask you why a database of $V/$P/$N mappings is needed. It is
> my laptop and my cheap Android tablet and I want to plug it into the USB
> socket and have them play nicely together. God knows what I would have
> done if I was just a normal ordinary person. I would have concluded that
> Linux was shit and gone back to my Mac or Windoze.
>
> dmesg knew all about my android tablet when I plugged it in, why can't
> vdev pick it up from there?
>
> This is what I had to add into 51-android, having had a look at dmesg first.
>
> # my cheap Android tablet
> ATTR{idVendor}=="1f3a", ENV{adb_user}="yes"

I suppose the issue is to make sure that the right user has the right
access to the right devices when she wants to use the computer, whilst
making sure that the wrong user doesn't have the wrong access regardless
of what he wants to do.

Traditionally on Linux, the means to achieve this would be to use file
permissions. Then more recently, the notion of access control lists was
invented to offer a more dynamic access control. And then even more
recently "people" have decided that this is an insanely hard problem,
which requires an insane solution.

Given the scope of possible use cases, perhaps the permission handling
should be taken elsewhere, and make the hotplug handler only deal with
ensuring the device is functional and available to the permission
handling subsystem. Maybe even the latter could be PAM (although I
don't know if PAM can make device access be allowed rather than just
judging whether or not it is allowed).

Ralph.
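
Added example, not part of the thread and not code from udev or vdev: a small audit that reads udev-style rules and reports those that assign something while matching a USB vendor without a product id, or without any SUBSYSTEM condition, which is the match-specificity question raised earlier in the thread. The names `TOKEN`, `audit` and `SAMPLE` are hypothetical, the second sample rule is constructed with a placeholder product id, and the parser assumes one rule per line with no backslash continuations.

```python
import re

# One key/operator/value token of a rule, e.g. ATTR{idVendor}=="1f3a".
# Groups: key name, optional {argument}, operator, quoted value.
TOKEN = re.compile(r'([A-Z_]+)(?:\{([^}]+)\})?\s*(==|!=|\+=|-=|:=|=)\s*"([^"]*)"')

# Constructed sample: line 2 is the rule quoted in the thread, line 4 is a
# narrower variant written for this example (product id 0000 is a placeholder).
SAMPLE = '''\
# rule as posted in the thread
ATTR{idVendor}=="1f3a", ENV{adb_user}="yes"
# constructed narrower rule
SUBSYSTEM=="usb", ATTR{idVendor}=="1f3a", ATTR{idProduct}=="0000", ENV{adb_user}="yes"
'''

def audit(rules_text):
    """Return (line_number, finding) pairs for rules with a broad match."""
    findings = []
    for number, raw in enumerate(rules_text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or comment
        tokens = TOKEN.findall(line)
        # Conditions use == or !=; every other operator is an assignment.
        conds = {(name, arg): value
                 for name, arg, op, value in tokens if op in ("==", "!=")}
        if len(conds) == len(tokens):
            continue  # no assignment, so the rule sets or grants nothing
        usb_attr = {arg: value for (name, arg), value in conds.items()
                    if name in ("ATTR", "ATTRS")}
        if "idVendor" in usb_attr and "idProduct" not in usb_attr:
            findings.append(
                (number, "vendor %s matched without idProduct" % usb_attr["idVendor"]))
        if not any(name in ("SUBSYSTEM", "SUBSYSTEMS") for name, _ in conds):
            findings.append((number, "no SUBSYSTEM condition"))
    return findings

if __name__ == "__main__":
    for number, finding in audit(SAMPLE):
        print("line %d: %s" % (number, finding))
```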