<?xml version="1.0" encoding="UTF-8" ?>
<!DOCTYPE node PUBLIC
"-//freedesktop//DTD D-Bus Object Introspection 1.0//EN"
"https://specifications.freedesktop.org/dbus/1.0/introspect.dtd">
<node>
<!--
  org.usbguard1:
  Root interface of the USBGuard D-Bus service. It declares two methods that
  take or return a named string parameter, and two signals.

  NOTE(review): this introspection data declares signatures only; it does not
  state who may call the methods. setParameter presumably changes daemon
  configuration, so confirm that the bus policy and/or the service's own
  authorization checks restrict its callers.
  NOTE(review): the DOCTYPE of this file references an external DTD by URL.
  Tooling that parses this file should be configured so that it does not
  fetch external DTDs.
-->
<interface name="org.usbguard1">
<!--
  getParameter:
  @name: Name of the parameter to read (string).
  @value: Value of the parameter, returned as a string.

  NOTE(review): the set of valid parameter names is not listed in this file.
  Presumably these are daemon parameters such as ImplicitPolicyTarget or
  InsertedDevicePolicy, which are named in the signal documentation further
  down; confirm against the daemon.
-->
<method name="getParameter">
<arg name="name" direction="in" type="s"/>
<arg name="value" direction="out" type="s"/>
</method>
<!--
  setParameter:
  @name: Name of the parameter to change (string).
  @value: New value for the parameter (string).
  @previous_value: Value returned to the caller; by its name, the value the
    parameter held before the call.

  NOTE(review): name and value are free-form strings supplied by the caller.
  Validation of both is presumably done by the daemon; verify that unknown
  names and invalid values are rejected rather than stored.
-->
<method name="setParameter">
<arg name="name" direction="in" type="s"/>
<arg name="value" direction="in" type="s"/>
<arg name="previous_value" direction="out" type="s"/>
</method>
<!--
  PropertyParameterChanged:
  @name: Policy name
  @value_old: Previous policy value.
  @value_new: Current policy value.

  Notify about a change of a property parameter.

  NOTE(review): presumably emitted after a successful setParameter call;
  confirm. Consumers that audit configuration changes can record value_old
  and value_new from this signal.
-->
<signal name="PropertyParameterChanged">
<arg name="name" direction="out" type="s"/>
<arg name="value_old" direction="out" type="s"/>
<arg name="value_new" direction="out" type="s"/>
</signal>
<!--
  ExceptionMessage:
  @context: Description or identifier of the exception context.
  @object: Description or identifier of the object which caused the exception.
  @reason: Reason explaining why the exception was generated.

  NOTE(review): all three arguments are free-form strings. Clients should
  treat them as untrusted text when logging or displaying them.
-->
<signal name="ExceptionMessage">
<arg name="context" direction="out" type="s"/>
<arg name="object" direction="out" type="s"/>
<arg name="reason" direction="out" type="s"/>
</signal>
</interface>
<!--
  org.usbguard.Policy1:
  The Policy interface allows modifying the USBGuard authorization policy.

  NOTE(review): appendRule and removeRule change which USB devices are
  authorized. This file does not express who may call them; confirm that the
  bus policy and/or the service's own authorization checks limit these
  methods to trusted callers, and consider whether listRules should be
  restricted as well, since it discloses the policy.
-->
<interface name="org.usbguard.Policy1">
<!--
  listRules:
  @label: A label for matching rules.
  @ruleset: An array of (rule_id, rule) tuples; each tuple is a 32-bit
    unsigned id and a string, per the a(us) signature.

  List the current rule set (policy) used by the USBGuard daemon. The
  rules are returned in the same order as they are evaluated.

  The annotation names the Qt type (DBusRules) used for the first output
  argument by Qt D-Bus bindings.
-->
<method name="listRules">
<arg name="label" direction="in" type="s"/>
<arg name="ruleset" direction="out" type="a(us)"/>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="DBusRules"/>
</method>
<!--
  appendRule:
  @rule: The rule that should be appended to the policy.
  @parent_id: Rule id of the parent rule.
  @temporary: A boolean to avoid adding this rule to the policy file.
  @id: The rule id assigned to the successfully appended rule.

  Append a new rule to the current policy. Using the parent_id
  parameter, the rule can be inserted anywhere in the policy,
  not only at the end. 4294967293 (UINT32_MAX-2) is the last possible
  ID and thus, when using this as parent id, the rule is effectively
  appended to the list of rules. When the rule is successfully appended,
  the id assigned to the new rule is returned.

  NOTE(review): rule is a caller-supplied string, presumably in the rule
  language syntax that listDevices mentions for its query; parsing and
  validation are left to the daemon. Because rules are evaluated in order
  (see listRules), the chosen parent_id affects which rule takes effect
  for a device.
  NOTE(review): with temporary set to false the rule is presumably written
  to the policy file and so persists; confirm.
-->
<method name="appendRule">
<arg name="rule" direction="in" type="s"/>
<arg name="parent_id" direction="in" type="u"/>
<arg name="temporary" direction="in" type="b"/>
<arg name="id" direction="out" type="u"/>
</method>
<!--
  removeRule:
  @id: The rule id of the rule to be removed.

  Remove a rule from the current policy. The method declares no output
  arguments.

  NOTE(review): whether the removal is also written to the policy file is
  not stated here; confirm against the daemon.
-->
<method name="removeRule">
<arg name="id" direction="in" type="u"/>
</method>
</interface>
<!--
  org.usbguard.Devices1:
  The org.usbguard.Devices1 interface provides access to USB
  devices via the USBGuard daemon. It can be used to modify
  the runtime authorization state of devices and to listen
  for device events (insertion, removal, (de)authorization,
  ...)

  NOTE(review): applyDevicePolicy can authorize a device. This file does not
  express who may call it; confirm that the bus policy and/or the service's
  own authorization checks limit it to trusted callers.
  NOTE(review): the signals carry device attributes such as name and serial
  as strings. These presumably originate from the device itself, so clients
  should treat them as untrusted text when displaying or logging them, and
  should not base trust decisions on name or serial alone.
-->
<interface name="org.usbguard.Devices1">
<!--
  listDevices:
  @query: A query, in the rule language syntax, for matching devices.
  @devices: An array of (device_id, device_rule) tuples that match the query;
    each tuple is a 32-bit unsigned id and a string, per the a(us) signature.

  List devices that match the specified query. The query uses the rule
  language syntax and the devices are returned as device specific rules.
  The target in each rule represents the current authorization state of
  the device. Order of the returned devices is not defined and should not
  be relied upon.

  Example queries:
  - 'match': Matches any device.
  - 'allow': Matches only authorized devices.
  - 'block': Matches only unauthorized devices.
  - 'match with-interface one-of { 03:00:01 03:01:01 }': Matches any device with a HID/Keyboard interface.

  The annotation names the Qt type (DBusRules) used for the first output
  argument by Qt D-Bus bindings.
-->
<method name="listDevices">
<arg name="query" direction="in" type="s"/>
<arg name="devices" direction="out" type="a(us)"/>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out0" value="DBusRules"/>
</method>
<!--
  applyDevicePolicy:
  @id: Device id of the device to authorize.
  @target: Device authorization target in numerical form.
    0 = Allow. 1 = Block. 2 = Reject.
  @permanent: A boolean flag specifying whether an allow rule should be appended to the policy.
  @rule_id: If permanent was set to true, the method will return an ID of the rule that was
    modified or created because of this request.

  Apply an authorization target to a device.

  If the permanent flag is set to True, a rule will be appended to the policy or an existing device
  rule will be modified in order to permanently store the authorization decision.

  Successful execution of this method will cause the DevicePolicyChanged signal to be broadcast if
  the device authorization target was different from the applied target.

  NOTE(review): the value of rule_id when permanent is false is not documented
  here, and neither is the handling of target values other than 0, 1 and 2;
  confirm both against the daemon.
-->
<method name="applyDevicePolicy">
<arg name="id" direction="in" type="u"/>
<arg name="target" direction="in" type="u"/>
<arg name="permanent" direction="in" type="b"/>
<arg name="rule_id" direction="out" type="u"/>
</method>
<!--
  DevicePresenceChanged:
  @id: Device id of the device.
  @event: Type of the presence change event in numerical form.
    0 = Present, 1 = Insert, 2 = Update, 3 = Remove.
  @target: The current authorization target of the device in numerical form.
    Presumably the same encoding as in applyDevicePolicy (0 = Allow,
    1 = Block, 2 = Reject); confirm.
  @device_rule: Device specific rule.
  @attributes: A dictionary of device attributes and their values
    (string keys and string values, per the a{ss} signature).

  Notify that a USB device was already present when USBGuard was started. Note
  that currently this signal is of little use to 3rd-party application developers
  as the signal won't reach any clients on the bus because the bus connections
  are handled after the devices are processed. However, the internal processing
  routines may change in the future so this signal is provided and documented
  for completeness.

  NOTE(review): the paragraph above describes only the already-present case
  (event 0). The event enumeration suggests the signal also reports insert,
  update and remove events; confirm and extend the description.

  The device attribute dictionary contains the following attributes:
  - id (the USB device ID in the form VID:PID)
  - name
  - serial
  - via-port
  - hash
  - parent-hash
  - with-interface
  - with-connect-type (either "hardwired", "hotplug", or the empty string for unknown)

  The USB interface types are represented as strings of the form AA:BB:CC, where AA,
  BB, and CC are hexadecimal numbers representing the class, subclass and protocol
  of the interface as defined by the USB standard.

  The annotation names the Qt type (DBusAttributes) used for the fifth
  argument (index 4) by Qt D-Bus bindings.
-->
<signal name="DevicePresenceChanged">
<arg name="id" direction="out" type="u"/>
<arg name="event" direction="out" type="u"/>
<arg name="target" direction="out" type="u"/>
<arg name="device_rule" direction="out" type="s"/>
<arg name="attributes" direction="out" type="a{ss}"/>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out4" value="DBusAttributes"/>
</signal>
<!--
  DevicePolicyChanged:
  @id: Device id of the device
  @target_old: Previous authorization target in numerical form.
    0 = Allow. 1 = Block. 2 = Reject.
  @target_new: Current authorization target in numerical form.
    Presumably the same encoding as target_old; confirm.
  @device_rule: Device specific rule.
  @rule_id: A rule id of the matched rule. Otherwise a reserved rule id value is used.
    Reserved values are:
    4294967294 (UINT32_MAX - 1) for an implicit rule, e.g.
    ImplicitPolicyTarget or InsertedDevicePolicy.
  @attributes: A dictionary of device attributes and their values
    (string keys and string values, per the a{ss} signature).

  Notify about a change of a USB device authorization target.

  A rule_id equal to the reserved value means that no explicit policy rule
  matched the device; consumers that audit authorization decisions may want
  to record that case separately.

  The device attribute dictionary contains the following attributes:
  - id (the USB device ID in the form VID:PID)
  - name
  - serial
  - via-port
  - hash
  - parent-hash
  - with-interface
  - with-connect-type (either "hardwired", "hotplug", or the empty string for unknown)

  The annotation names the Qt type (DBusAttributes) used for the sixth
  argument (index 5) by Qt D-Bus bindings.
-->
<signal name="DevicePolicyChanged">
<arg name="id" direction="out" type="u"/>
<arg name="target_old" direction="out" type="u"/>
<arg name="target_new" direction="out" type="u"/>
<arg name="device_rule" direction="out" type="s"/>
<arg name="rule_id" direction="out" type="u"/>
<arg name="attributes" direction="out" type="a{ss}"/>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out5" value="DBusAttributes"/>
</signal>
<!--
  DevicePolicyApplied:
  @id: Device id of the device
  @target_new: Current authorization target in numerical form.
    0 = Allow. 1 = Block. 2 = Reject.
  @device_rule: Device specific rule.
  @rule_id: A rule id of the matched rule. Otherwise a reserved rule id value is used.
    Reserved values are:
    4294967294 (UINT32_MAX - 1) for an implicit rule, e.g.
    ImplicitPolicyTarget or InsertedDevicePolicy.
  @attributes: A dictionary of device attributes and their values
    (string keys and string values, per the a{ss} signature).

  Notify about a change of a USB device.

  This is a superset of DevicePolicyChanged and will always be emitted
  when a device is inserted, authorised, or rejected.

  NOTE(review): unlike DevicePolicyChanged, this signal carries no previous
  target, so a consumer cannot tell from it alone whether the target
  actually changed.

  The device attribute dictionary contains the following attributes:
  - id (the USB device ID in the form VID:PID)
  - name
  - serial
  - via-port
  - hash
  - parent-hash
  - with-interface
  - with-connect-type (either "hardwired", "hotplug", or the empty string for unknown)

  The annotation names the Qt type (DBusAttributes) used for the fifth
  argument (index 4) by Qt D-Bus bindings.
-->
<signal name="DevicePolicyApplied">
<arg name="id" direction="out" type="u"/>
<arg name="target_new" direction="out" type="u"/>
<arg name="device_rule" direction="out" type="s"/>
<arg name="rule_id" direction="out" type="u"/>
<arg name="attributes" direction="out" type="a{ss}"/>
<annotation name="org.qtproject.QtDBus.QtTypeName.Out4" value="DBusAttributes"/>
</signal>
</interface>
</node>