I want to whitelist a USB touch screen and block everything else. I have written hundreds of udev rules but none of them seem to work. I can block every single connected USB device but can't find a way to whitelist one single USB device, i.e. the monitor. I have tried to match every single attribute of the USB device, e.g. vendorId, productId, manufacturer, serial number, etc. I don't know what I am doing wrong. Below you can find some rules that I tried.

Method 1:

```
# Block MTP Devices
SUBSYSTEM=="usb", ACTION=="add", RUN+="/bin/sh -c 'echo 0 >/sys$DEVPATH/authorized'"
# Block USB
SUBSYSTEMS=="usb|usbmisc", ATTRS{idVendor}!="0000", ATTRS{idProduct}!="0000", MODE="0000"
# Block USB storage devices
KERNEL=="sd*", ATTRS{removable}=="1", ATTRS{serial}!="", ENV{ID_BUS}=="usb", ENV{DEVTYPE}=="disk", MODE="0000"
# Whitelist touch screen
SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="03", ATTR{bInterfaceSubClass}=="00", MODE="0666" # Human Interface Device
SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="0e", MODE="0666" # Video device (monitor)
```

Method 2:

```
# Disable all other USB devices
SUBSYSTEMS=="usb", ACTION=="add", RUN+="/bin/sh -c 'echo 0 >/sys$DEVPATH/authorized'""
# Hub
SUBSYSTEMS=="usb", ACTION=="add", ATTR{manufacturer}=="Logitech", ATTR{product}=="USB Optical Mouse", ATTR{idVendor}=="046d", ATTR{idProduct}=="c077", ATTR{bDeviceClass}=="00", RUN+="/bin/sh -c 'echo 1 >/sys$DEVPATH/authorized'", GOTO="usb_end"
```

Nothing works, neither setting MODE nor setting authorized = 1.

Note: You can consider the USB Optical Mouse as my test device; I can later replace it with the touchscreen attributes.

Please help me set a perfect rule for this and thank you in advance.
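
As an added example (not part of the original post): the kernel's USB authorization interface supports default-deny per host controller through `authorized_default`, with an allowlist applied to each device's `authorized` attribute. The sketch below assumes the 046d:c077 test mouse from the post as the only allowed device, keeps hubs authorized as a policy assumption, and uses an overridable `SYSFS_USB` path so it can be tried on a constructed directory tree.

```shell
#!/bin/sh
# Added example: default-deny USB via the kernel authorization attributes in sysfs.
# SYSFS_USB and ALLOW are names chosen for this example, not from the post.
SYSFS_USB="${SYSFS_USB:-/sys/bus/usb/devices}"
# Space-separated vendor:product allowlist (assumed: the post's test mouse).
ALLOW="${ALLOW:-046d:c077}"

# Make every host controller deauthorize newly connected devices by default.
usb_default_deny() {
    for host in "$SYSFS_USB"/usb*; do
        [ -w "$host/authorized_default" ] && echo 0 > "$host/authorized_default"
    done
    return 0
}

# Return 0 if the device directory $1 is allowlisted or is a hub.
usb_is_allowed() {
    id="$(cat "$1/idVendor"):$(cat "$1/idProduct")"
    for a in $ALLOW; do
        [ "$id" = "$a" ] && return 0
    done
    # Hubs (bDeviceClass 09) stay authorized, otherwise nothing behind them
    # enumerates; devices plugged into them are still checked individually.
    [ "$(cat "$1/bDeviceClass")" = "09" ]
}

# Authorize allowlisted devices and deauthorize everything else already present.
usb_apply_allowlist() {
    for dev in "$SYSFS_USB"/*; do
        # Only whole devices (1-1, usb1) carry idVendor; interface
        # directories such as 1-1:1.0 do not and are skipped.
        [ -f "$dev/idVendor" ] || continue
        if usb_is_allowed "$dev"; then
            echo 1 > "$dev/authorized"
        else
            echo 0 > "$dev/authorized"
        fi
    done
}

# For hot-plugged devices the same decision can be made from a udev rule that
# matches the USB device itself and writes the sysfs attribute, for example:
#   ACTION=="add", SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", \
#     ATTR{idVendor}=="046d", ATTR{idProduct}=="c077", ATTR{authorized}="1"
# Typical use, as root, early in boot: usb_default_deny; usb_apply_allowlist
```

Because the deny is the controller default rather than a competing udev rule, there is no ordering conflict between a "block all" rule and an "allow one" rule.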