USB Gadget Stack Protection #326

@grant-h

On mobile devices, USB host mode is not the default. Instead, the Linux gadget stack is active.
Gadgets allow an operating system to act as any USB device type, provided there is driver support.
Here is a good overview of the kernel gadget stack: https://www.kernel.org/doc/html/v4.19/driver-api/usb/gadget.html

Gadget drivers (drivers/usb/gadget/function) register to the USB composite driver (drivers/usb/gadget/composite.c) via the DECLARE_USB_FUNCTION_INIT macro. The composite driver is easily configured by ConfigFS (drivers/usb/gadget/configfs.c), which can be mounted and exposed to userspace. This allows userspace to easily attach and modify gadget parameters just by reading and writing files. This is how Android manages its gadget configuration (Android platform/system/core/rootdir/init.usb.configfs.rc).
As a side note, ConfigFS isn't strictly required. There are legacy ways of mounting gadgets (see this presentation: Kernel USB Gadget Configfs Interface).

To be able to guard against gadget function exposure when not needed, there isn't a kernel-level API like USB authentication available. I'm not sure a userspace-only addition to USBGuard would do the trick. Hardening the gadget stack would likely require some USB hooks in the kernel to be able to centrally enforce policy, regardless of ConfigFS directory contents.
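
An added example (not part of the issue and not USBGuard code): a userspace-only audit of the ConfigFS gadget tree described above, reporting functions that are linked into a configuration of a gadget currently bound to a UDC and are not on an allowlist. The allowlist, the function names and the sample tree are constructed assumptions; the check only sees what ConfigFS shows, so legacy (non-ConfigFS) gadgets are invisible to it and it enforces nothing in the kernel.

```python
import os
import tempfile

def audit_gadgets(root, allowed_types):
    """List (gadget, udc, function) for every function linked into a config
    of a UDC-bound gadget whose type is not in allowed_types."""
    findings = []
    for gadget in sorted(os.listdir(root)):
        gdir = os.path.join(root, gadget)
        try:
            with open(os.path.join(gdir, "UDC")) as f:
                udc = f.read().strip()
        except OSError:
            continue  # not a gadget directory
        if not udc:
            continue  # unbound gadget: not presented to a host
        cfg_root = os.path.join(gdir, "configs")
        for cfg in sorted(os.listdir(cfg_root)):
            cdir = os.path.join(cfg_root, cfg)
            for entry in sorted(os.listdir(cdir)):
                link = os.path.join(cdir, entry)
                if not os.path.islink(link):
                    continue  # attributes (MaxPower, strings/), not functions
                # Link names are arbitrary; the target is functions/<type>.<instance>
                func = os.path.basename(os.readlink(link).rstrip("/"))
                if func.split(".", 1)[0] not in allowed_types:
                    findings.append((gadget, udc, func))
    return findings

def build_sample_tree(root):
    """Constructed stand-in for /sys/kernel/config/usb_gadget (not real data)."""
    layout = {"g1": ("dummy_udc.0", ["ffs.adb", "mass_storage.0"]),
              "g2": ("", ["rndis.usb0"])}
    for gadget, (udc, funcs) in layout.items():
        cdir = os.path.join(root, gadget, "configs", "c.1")
        os.makedirs(cdir)
        with open(os.path.join(root, gadget, "UDC"), "w") as f:
            f.write(udc + "\n")
        for i, func in enumerate(funcs):
            fdir = os.path.join(root, gadget, "functions", func)
            os.makedirs(fdir)
            os.symlink(fdir, os.path.join(cdir, "f%d" % i))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        # Assumed policy: only FunctionFS (e.g. adb) may be exposed.
        for finding in audit_gadgets(tmp, {"ffs"}):
            print("unexpected function exposed:", finding)
```

On a real device the root would be the mounted ConfigFS gadget directory (commonly `/sys/kernel/config/usb_gadget`), and reading it typically needs elevated privileges.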
