Refactor status package to use portbase/runtime.

core/base/global.go

@@ -9,7 +9,6 @@ import (
 	"github.com/safing/portbase/dataroot"
 	"github.com/safing/portbase/info"
 	"github.com/safing/portbase/modules"
-	"github.com/safing/portbase/modules/subsystems"
 )
 
 // Default Values (changeable for testing)
@@ -66,8 +65,5 @@ func globalPrep() error {
 	// set api listen address
 	api.SetDefaultAPIListenAddress(DefaultAPIListenAddress)
 
-	// set subsystem status dir
-	subsystems.SetDatabaseKeySpace("core:status/subsystems")
-
 	return nil
 }

firewall/prompt.go

@@ -46,18 +46,16 @@ func prompt(conn *network.Connection, pkt packet.Packet) { //nolint:gocognit //
 		// do not save response to profile
 		saveResponse = false
 	} else {
-		// create new notification
-		n = (&notifications.Notification{
-			ID:      nID,
-			Type:    notifications.Prompt,
-			Expires: time.Now().Add(nTTL).Unix(),
-		})
+		var (
+			msg     string
+			actions []notifications.Action
+		)
 
 		// add message and actions
 		switch {
 		case conn.Inbound:
-			n.Message = fmt.Sprintf("Application %s wants to accept connections from %s (%d/%d)", conn.Process(), conn.Entity.IP.String(), conn.Entity.Protocol, conn.Entity.Port)
-			n.AvailableActions = []*notifications.Action{
+			msg = fmt.Sprintf("Application %s wants to accept connections from %s (%d/%d)", conn.Process(), conn.Entity.IP.String(), conn.Entity.Protocol, conn.Entity.Port)
+			actions = []notifications.Action{
 				{
 					ID:   permitServingIP,
 					Text: "Permit",
@@ -68,8 +66,8 @@ func prompt(conn *network.Connection, pkt packet.Packet) { //nolint:gocognit //
 				},
 			}
 		case conn.Entity.Domain == "": // direct connection
-			n.Message = fmt.Sprintf("Application %s wants to connect to %s (%d/%d)", conn.Process(), conn.Entity.IP.String(), conn.Entity.Protocol, conn.Entity.Port)
-			n.AvailableActions = []*notifications.Action{
+			msg = fmt.Sprintf("Application %s wants to connect to %s (%d/%d)", conn.Process(), conn.Entity.IP.String(), conn.Entity.Protocol, conn.Entity.Port)
+			actions = []notifications.Action{
 				{
 					ID:   permitIP,
 					Text: "Permit",
@@ -81,11 +79,11 @@ func prompt(conn *network.Connection, pkt packet.Packet) { //nolint:gocognit //
 			}
 		default: // connection to domain
 			if pkt != nil {
-				n.Message = fmt.Sprintf("Application %s wants to connect to %s (%s %d/%d)", conn.Process(), conn.Entity.Domain, conn.Entity.IP.String(), conn.Entity.Protocol, conn.Entity.Port)
+				msg = fmt.Sprintf("Application %s wants to connect to %s (%s %d/%d)", conn.Process(), conn.Entity.Domain, conn.Entity.IP.String(), conn.Entity.Protocol, conn.Entity.Port)
 			} else {
-				n.Message = fmt.Sprintf("Application %s wants to connect to %s", conn.Process(), conn.Entity.Domain)
+				msg = fmt.Sprintf("Application %s wants to connect to %s", conn.Process(), conn.Entity.Domain)
 			}
-			n.AvailableActions = []*notifications.Action{
+			actions = []notifications.Action{
 				{
 					ID:   permitDomainAll,
 					Text: "Permit all",
@@ -100,8 +98,8 @@ func prompt(conn *network.Connection, pkt packet.Packet) { //nolint:gocognit //
 				},
 			}
 		}
-		// save new notification
-		n.Save()
+
+		n = notifications.NotifyPrompt(nID, msg, actions...)
 	}
 
 	// wait for response/timeout

nameserver/takeover.go

@@ -47,11 +47,10 @@ func checkForConflictingService() error {
 	// wait for a short duration for the other service to shut down
 	time.Sleep(10 * time.Millisecond)
 
-	// notify user
-	(&notifications.Notification{
-		ID:      "nameserver-stopped-conflicting-service",
-		Message: fmt.Sprintf("Portmaster stopped a conflicting name service (pid %d) to gain required system integration.", pid),
-	}).Save()
+	notifications.NotifyInfo(
+		"namserver-stopped-conflicting-service",
+		fmt.Sprintf("Portmaster stopped a conflicting name service (pid %d) to gain required system integration.", pid),
+	)
 
 	// restart via service-worker logic
 	return fmt.Errorf("%w: stopped conflicting name service with pid %d", modules.ErrRestartNow, pid)

resolver/config.go

@@ -57,19 +57,19 @@ var (
 	cfgOptionNameServersOrder = 0
 
 	CfgOptionNoAssignedNameserversKey   = "dns/noAssignedNameservers"
-	noAssignedNameservers               status.SecurityLevelOption
+	noAssignedNameservers               status.SecurityLevelOptionFunc
 	cfgOptionNoAssignedNameserversOrder = 1
 
 	CfgOptionNoMulticastDNSKey   = "dns/noMulticastDNS"
-	noMulticastDNS               status.SecurityLevelOption
+	noMulticastDNS               status.SecurityLevelOptionFunc
 	cfgOptionNoMulticastDNSOrder = 2
 
 	CfgOptionNoInsecureProtocolsKey   = "dns/noInsecureProtocols"
-	noInsecureProtocols               status.SecurityLevelOption
+	noInsecureProtocols               status.SecurityLevelOptionFunc
 	cfgOptionNoInsecureProtocolsOrder = 3
 
 	CfgOptionDontResolveSpecialDomainsKey   = "dns/dontResolveSpecialDomains"
-	dontResolveSpecialDomains               status.SecurityLevelOption
+	dontResolveSpecialDomains               status.SecurityLevelOptionFunc
 	cfgOptionDontResolveSpecialDomainsOrder = 16
 
 	CfgOptionNameserverRetryRateKey   = "dns/nameserverRetryRate"
@@ -122,6 +122,7 @@ Parameters:
 
 	err = config.Register(&config.Option{
 		Name:           "DNS Server Retry Rate",
+		Key:            CfgOptionNameserverRetryRateKey,
 		Description:    "Rate at which to retry failed DNS Servers, in seconds.",
 		OptType:        config.OptTypeInt,
 		ExpertiseLevel: config.ExpertiseLevelExpert,
@@ -154,7 +155,7 @@ Parameters:
 	if err != nil {
 		return err
 	}
-	noMulticastDNS = status.ConfigIsActiveConcurrent(CfgOptionNoMulticastDNSKey)
+	noMulticastDNS = status.SecurityLevelOption(CfgOptionNoMulticastDNSKey)
 
 	err = config.Register(&config.Option{
 		Name:           "Do not use assigned Nameservers",
@@ -173,7 +174,7 @@ Parameters:
 	if err != nil {
 		return err
 	}
-	noAssignedNameservers = status.ConfigIsActiveConcurrent(CfgOptionNoAssignedNameserversKey)
+	noAssignedNameservers = status.SecurityLevelOption(CfgOptionNoAssignedNameserversKey)
 
 	err = config.Register(&config.Option{
 		Name:           "Do not resolve insecurely",
@@ -192,7 +193,7 @@ Parameters:
 	if err != nil {
 		return err
 	}
-	noInsecureProtocols = status.ConfigIsActiveConcurrent(CfgOptionNoInsecureProtocolsKey)
+	noInsecureProtocols = status.SecurityLevelOption(CfgOptionNoInsecureProtocolsKey)
 
 	err = config.Register(&config.Option{
 		Name:           "Do not resolve special domains",
@@ -211,7 +212,7 @@ Parameters:
 	if err != nil {
 		return err
 	}
-	dontResolveSpecialDomains = status.ConfigIsActiveConcurrent(CfgOptionDontResolveSpecialDomainsKey)
+	dontResolveSpecialDomains = status.SecurityLevelOption(CfgOptionDontResolveSpecialDomainsKey)
 
 	return nil
 }

status/autopilot.go

@@ -0,0 +1,36 @@
+package status
+
+import "context"
+
+var runAutoPilot = make(chan struct{})
+
+func triggerAutopilot() {
+	select {
+	case runAutoPilot <- struct{}{}:
+	default:
+	}
+}
+
+func autoPilot(ctx context.Context) error {
+	for {
+		select {
+		case <-ctx.Done():
+			return nil
+		case <-runAutoPilot:
+		}
+
+		selected := SelectedSecurityLevel()
+		mitigation := getHighestMitigationLevel()
+
+		active := SecurityLevelNormal
+		if selected != SecurityLevelOff {
+			active = selected
+		} else if mitigation != SecurityLevelOff {
+			active = mitigation
+		}
+
+		setActiveLevel(active)
+
+		pushSystemStatus()
+	}
+}