github.com/Lephar/snapd@v0.0.0-20210825215435-c7fba9cef4d2/interfaces/builtin/u2f_devices.go (about) 1 // -*- Mode: Go; indent-tabs-mode: t -*- 2 3 /* 4 * Copyright (C) 2019 Canonical Ltd 5 * 6 * This program is free software: you can redistribute it and/or modify 7 * it under the terms of the GNU General Public License version 3 as 8 * published by the Free Software Foundation. 9 * 10 * This program is distributed in the hope that it will be useful, 11 * but WITHOUT ANY WARRANTY; without even the implied warranty of 12 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 13 * GNU General Public License for more details. 14 * 15 * You should have received a copy of the GNU General Public License 16 * along with this program. If not, see <http://www.gnu.org/licenses/>. 17 * 18 */ 19 20 package builtin 21 22 import ( 23 "fmt" 24 25 "github.com/snapcore/snapd/interfaces" 26 "github.com/snapcore/snapd/interfaces/udev" 27 ) 28 29 const u2fDevicesSummary = `allows access to u2f devices` 30 31 const u2fDevicesBaseDeclarationSlots = ` 32 u2f-devices: 33 allow-installation: 34 slot-snap-type: 35 - core 36 deny-auto-connection: true 37 ` 38 39 type u2fDevice struct { 40 Name, VendorIDPattern, ProductIDPattern string 41 } 42 43 // https://github.com/Yubico/libu2f-host/blob/master/70-u2f.rules 44 var u2fDevices = []u2fDevice{ 45 { 46 Name: "Yubico YubiKey", 47 VendorIDPattern: "1050", 48 ProductIDPattern: "0113|0114|0115|0116|0120|0121|0200|0402|0403|0406|0407|0410", 49 }, 50 { 51 Name: "Happlink (formerly Plug-Up) Security KEY", 52 VendorIDPattern: "2581", 53 ProductIDPattern: "f1d0", 54 }, 55 { 56 Name: "Neowave Keydo and Keydo AES", 57 VendorIDPattern: "1e0d", 58 ProductIDPattern: "f1d0|f1ae", 59 }, 60 { 61 Name: "HyperSecu HyperFIDO", 62 VendorIDPattern: "096e|2ccf", 63 ProductIDPattern: "0880", 64 }, 65 { 66 Name: "HyperSecu HyperFIDO Pro", 67 VendorIDPattern: "2ccf", 68 ProductIDPattern: "0854", 69 }, 70 { 71 Name: "Feitian ePass FIDO, BioPass FIDO2", 72 VendorIDPattern: "096e", 73 ProductIDPattern: "0850|0852|0853|0854|0856|0858|085a|085b|085d", 74 }, 75 { 76 Name: "JaCarta U2F", 77 VendorIDPattern: "24dc", 78 ProductIDPattern: "0101", 79 }, 80 { 81 Name: "U2F Zero", 82 VendorIDPattern: "10c4", 83 ProductIDPattern: "8acf", 84 }, 85 { 86 Name: "VASCO SeccureClick", 87 VendorIDPattern: "1a44", 88 ProductIDPattern: "00bb", 89 }, 90 { 91 Name: "Bluink Key", 92 VendorIDPattern: "2abe", 93 ProductIDPattern: "1002", 94 }, 95 { 96 Name: "Thetis Key", 97 VendorIDPattern: "1ea8", 98 ProductIDPattern: "f025", 99 }, 100 { 101 Name: "Nitrokey FIDO U2F", 102 VendorIDPattern: "20a0", 103 ProductIDPattern: "4287", 104 }, 105 { 106 Name: "Nitrokey FIDO2", 107 VendorIDPattern: "20a0", 108 ProductIDPattern: "42b1", 109 }, 110 { 111 Name: "Google Titan U2F", 112 VendorIDPattern: "18d1", 113 ProductIDPattern: "5026", 114 }, 115 { 116 Name: "Tomu board + chopstx U2F + SoloKeys", 117 VendorIDPattern: "0483", 118 ProductIDPattern: "cdab|a2ca", 119 }, 120 { 121 Name: "SoloKeys", 122 VendorIDPattern: "1209", 123 ProductIDPattern: "5070|50b0", 124 }, 125 { 126 Name: "OnlyKey", 127 VendorIDPattern: "1d50", 128 ProductIDPattern: "60fc", 129 }, 130 { 131 Name: "MIRKey", 132 VendorIDPattern: "0483", 133 ProductIDPattern: "a2ac", 134 }, 135 { 136 Name: "Ledger Blue + Nano S + Nano X", 137 VendorIDPattern: "2c97", 138 ProductIDPattern: "0000|0001|0004|0005|0015|1005|1015|4005|4015", 139 }, 140 } 141 142 const u2fDevicesConnectedPlugAppArmor = ` 143 # Description: Allow write access to u2f hidraw devices. 144 145 # Use a glob rule and rely on device cgroup for mediation. 146 /dev/hidraw* rw, 147 148 # char 234-254 are used for dynamic assignment, which u2f devices are 149 /run/udev/data/c23[4-9]:* r, 150 /run/udev/data/c24[0-9]:* r, 151 /run/udev/data/c25[0-4]:* r, 152 153 # misc required accesses 154 /run/udev/data/+power_supply:hid* r, 155 /run/udev/data/c14:[0-9]* r, 156 /sys/devices/**/i2c*/**/report_descriptor r, 157 /sys/devices/**/usb*/**/report_descriptor r, 158 ` 159 160 type u2fDevicesInterface struct { 161 commonInterface 162 } 163 164 func (iface *u2fDevicesInterface) UDevConnectedPlug(spec *udev.Specification, plug *interfaces.ConnectedPlug, slot *interfaces.ConnectedSlot) error { 165 for _, d := range u2fDevices { 166 spec.TagDevice(fmt.Sprintf("# %s\nSUBSYSTEM==\"hidraw\", KERNEL==\"hidraw*\", ATTRS{idVendor}==\"%s\", ATTRS{idProduct}==\"%s\"", d.Name, d.VendorIDPattern, d.ProductIDPattern)) 167 } 168 return nil 169 } 170 171 func init() { 172 registerIface(&u2fDevicesInterface{commonInterface{ 173 name: "u2f-devices", 174 summary: u2fDevicesSummary, 175 implicitOnCore: true, 176 implicitOnClassic: true, 177 baseDeclarationSlots: u2fDevicesBaseDeclarationSlots, 178 connectedPlugAppArmor: u2fDevicesConnectedPlugAppArmor, 179 }}) 180 }