From f573629c0bba7cb3cbd49f149945e802c136788a Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Tue, 5 Nov 2019 16:42:57 +0100
Subject: [PATCH] udev: mark all ccid/security devices with a special tag

This adds a udev tag that is supposed to be attached to all devices
that might potentially expose a PKCS#11 slot, i.e. CCID smartcards and
similar. We can then use the appearance of devices of this type as
trigger to rescan PKCS#11 slots.
---
 rules.d/60-fido-id.rules | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/rules.d/60-fido-id.rules b/rules.d/60-fido-id.rules
index fcf50797041..c7d5d2ff1dd 100644
--- a/rules.d/60-fido-id.rules
+++ b/rules.d/60-fido-id.rules
@@ -4,4 +4,10 @@ ACTION=="remove", GOTO="fido_id_end"
 
 SUBSYSTEM=="hidraw", IMPORT{program}="fido_id"
 
+# Tag any form of security token as such
+ENV{ID_SECURITY_TOKEN}=="1", TAG+="security-device"
+
+# Tag any CCID device (i.e. Smartcard Reader) as security token
+SUBSYSTEM=="usb", ATTR{bInterfaceClass}=="0b", TAG+="security-device"
+
 LABEL="fido_id_end"