Mouse should not use sys-usb, this USB should be for untrusted usb devices. The mouse should be on a dedicated controller.
In Dom0:
lsusb
should give you the controller bound to it. The mouse (and possibly keyboard) needs to be attached to one of the port of that controller. The other ports should be bound to controllers attached to sys-usb.
But in general the keyboard and mouse are PS2 attached I think...
>
> I don't see what kind of security gain you get from using your mouse on
> a different controller (if you have the chance to have several ones,
> that is). The worst cases would be that:
>
> - you use your mouse to enter sensitive stuff on a virtual keyboard; but
> 1- the attacker has no way to know the screen location and layout of
> your virtual keyboard, and 2- even if he managed to understand what you
> "typed" it would be very difficult for him to get that info back because
> sys-usb isn't networked.
>
> - your compromised external mouse advertises itself as a keyboard and
> issue commands on your behalf (is that even possible?). But the mouse
> doesn't know which window is focused, what app you're using, etc., so
> the chance that its "commands" ever do something bad to your system
> without you noticing anything is close to 0.
[Ctrl] + [Esc]
6x [Down]
your mouse can play around ;) (on XFCE)
My point was that you have trusted IHM devices (Keyboard, Mouse, Graphics card) that Dom0 connect to and non-trusted (such as sys-net sys-usb). Apologies if it came across badly.
The only suggestion is to make screen lock when idle after a minute or two, to prevent someone using mouse maliciously when you are not looking. Probably should do the same for wireless mouse.
Have you tried unplugging and replugging and see if the mouse proxy message pops up to allow it? Make sure the mouse proxy installed and working correctly. https://www.qubes-os.org/doc/usb/
https://github.com/QubesOS/qubes-app-linux-input-proxy