I have a basic Qubes 4.1.2 setup with sys-usb. However (while understanding the security risk), there are specific USB devices I would like dom0 to have access to (or rather be exposed to) such as: USB audio devices, USB monitors (used for multi-monitor setup), or basically any other USB device of my choosing. Also, I want to still have the functionality of sys-usb for other USB deivces that are not attached to dom0. How can I achieve this?
I know that I can give dom0 access to specific USB controllers as outlined here: USB qubes | Qubes OS. However I don’t see this as a practical approach too what I want to achieve as this would expose dom0 to an entire USB controller and all of it’s devices.
I’ve also experimented with adding different configurations to the “qubes.USB” rpc-policy (located in /etc/qubes-rpc/policy/) but with little success. I was even thinking of re-building Qubes OS from source with my own modifications but that would be to much of a hassle. If anyone can assist me with this that would be great.