udev: mark all ccid/security devices with a special tag

This adds a udev tag that is supposed to be attached to all devices
that might potentially expose a PKCS#11 slot, i.e. CCID smartcards and
similar. We can then use the appearance of devices of this type as
trigger to rescan PKCS#11 slots.

diff --git a/rules.d/60-fido-id.rules b/rules.d/60-fido-id.rules
index fcf507970416b0c893669bdb62917ac569dfbccb..c7d5d2ff1dd0dcfbd9d2ea33980490258519d45c 100644 (file)
--- a/rules.d/60-fido-id.rules
+++ b/rules.d/60-fido-id.rules
@@ -4,4 +4,10 @@ ACTION=="remove", GOTO="fido_id_end"
 
 SUBSYSTEM=="hidraw", IMPORT{program}="fido_id"
 
+# Tag any form of security token as such
+ENV{ID_SECURITY_TOKEN}=="1", TAG+="security-device"
+
+# Tag any CCID device (i.e. Smartcard Reader) as security token
+SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="0b", TAG+="security-device"
+
 LABEL="fido_id_end"