"Allow a keyboard-only USB device only if there isn’t already a USB device with a keyboard interface allowed" may cause harm #350
Description
https://usbguard.github.io/documentation/rule-language
Allow a keyboard-only USB device only if there isn’t already a USB device with a keyboard interface allowed
allow with-interface one-of { 03:00:01 03:01:01 } if !allowed-matches(with-interface one-of { 03:00:01 03:01:01 })
My device example:
#1 id xxxx:xxxx serial "" name "Input Receiver" hash "xxxx" parent-hash "xxxx" via-port "X" with-interface { 03:01:01 03:01:02 } <---
#2 id xxxx:xxxx serial "" name "Mouse" hash "xxxx" parent-hash "xxxx" via-port "X" with-interface { 03:01:02 03:00:01 03:01:01 }
usb mouse
#3 id xxxx:xxxx serial "" name "Keyboard" hash "xxxx" parent-hash "xxxx" via-port "X with-interface 03:01:01
usb keyboard
The first one is actually a PC's power switch button. Your USBguard rule will allow 1 and will reject 2 or 3!
Either removing such example, or at least add a warning like "check 'usbguard list-devices' before applying"