Chromium has the raw-usb plug to enable the webusb API. While trying to use it I experienced two problems:
- If the raw-usb plug is not connected, Chromium can still enumerate USB devices via udev and will present them in its own permissions dialog. However, when you grant it permission, any attempt to access the devices will fail with permission denied.
This is confusing for the user as there is no indication that the raw-usb plug needs to be connected and it looks as if Chromium already has USB permissions because the devices show up. But really it only has access to udev and not the devices themselves.
- If the usbmon kernel debug module is loaded, Chromium udev enumeration will cause apparmor errors because it tries to scan the usbmon endpoints:
[3701471.283584] audit: type=1400 audit(1606101844.664:6015): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:4" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283636] audit: type=1400 audit(1606101844.664:6016): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:2" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283700] audit: type=1400 audit(1606101844.664:6017): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:0" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283786] audit: type=1400 audit(1606101844.664:6018): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:7" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283869] audit: type=1400 audit(1606101844.664:6019): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:5" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
[3701471.283982] audit: type=1400 audit(1606101844.664:6020): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c508:3" pid=3120526 comm="ThreadPoolForeg" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
Chromium will then print this on stderr:
[3121487:3121626:1123/032552.888385:ERROR:udev_watcher.cc(97)] Failed to begin udev enumeration.
After this, Chromium will never see any USB devices, even if raw-usb plug is connected. To make USB work you have to unload usbmon and restart Chromium.