Transparent Proxy Provider, signing identifiers, and WebKit

Our TPP excludes our own processes from oversight, which makes some things very easy. Only I just found out that when our app uses a WKWebView... it's very securely shuffled off into its own process. With its own signing identifier. And a ppid of launchd.

How could I tell that a com.apple.WebKit.Networking process is related to our process? (I note that the Endpoint Security Framework has added a "responsible" audit token, presumably for this sort of situation.)

Replies

How could I tell that a com.apple.WebKit.Networking process is related to our process?

There isn’t a general-purpose responsible process API. If you search DevForums, you’ll find numerous places where I’ve talked about this notion before.

I note that the Endpoint Security Framework has added a "responsible" audit token, presumably for this sort of situation.

Right. IIRC your product includes an ES client so you could take advantage of that.

Otherwise, it would be nice if NEFlowMetaData had similar info and I encourage you to file an enhancement request along those lines.

Please post your bug number, just for the record.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"
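One way to put the two halves of this answer together, as an added example that is not code from the thread, from Apple, or from the poster's product: the ES client watches exec/exit notifications and records every process whose responsible audit token is our app (this is what happens to the WKWebView helpers, whose ppid is launchd but whose responsible process, as the thread presumes, is the host app), and the transparent proxy provider then checks a flow's `sourceAppAuditToken` against that set instead of only against its own pid. It assumes macOS 11 or later, where `es_process_t.responsible_audit_token` is populated (message version 4 and up), and it assumes the ES client and the provider can share the pid set; the XPC plumbing for that is left out and `excludedPIDs` is kept in-process. The names `excludedPIDs`, `track`, `startTracking` and `flowIsOurs` are hypothetical.

```swift
import Foundation
import EndpointSecurity
import NetworkExtension

// Added example, not the thread's or Apple's code. Assumes macOS 11+ (ES message
// version >= 4) and that the ES client and the NETransparentProxyProvider can share
// `excludedPIDs`; the cross-process plumbing is omitted here.

/// The pid field of an audit token is val.5; val.7 is the pid generation (pidversion).
func pid(of token: audit_token_t) -> pid_t {
    return pid_t(bitPattern: token.val.5)
}

/// Decode the audit_token_t that NEFlowMetaData.sourceAppAuditToken carries as Data.
func auditToken(from data: Data) -> audit_token_t? {
    guard data.count == MemoryLayout<audit_token_t>.size else { return nil }
    var token = audit_token_t()
    _ = withUnsafeMutableBytes(of: &token) { data.copyBytes(to: $0) }
    return token
}

/// pids that the provider should treat as "us": our own pid plus any helper
/// (for example com.apple.WebKit.Networking) whose responsible process is us.
var excludedPIDs = Set<pid_t>([getpid()])
let excludedPIDsLock = NSLock()

/// ES handler: maintain `excludedPIDs` from exec and exit notifications.
func track(_ message: UnsafePointer<es_message_t>) {
    // responsible_audit_token is not present in messages older than version 4.
    guard message.pointee.version >= 4 else { return }
    excludedPIDsLock.lock(); defer { excludedPIDsLock.unlock() }
    switch message.pointee.event_type {
    case ES_EVENT_TYPE_NOTIFY_EXEC:
        let target = message.pointee.event.exec.target!
        // ppid is launchd for a WebKit helper, but the responsible token still names the host app.
        if pid(of: target.pointee.responsible_audit_token) == getpid() {
            excludedPIDs.insert(pid(of: target.pointee.audit_token))
        }
    case ES_EVENT_TYPE_NOTIFY_EXIT:
        // Drop the pid on exit so a later pid reuse by an unrelated process is not excluded.
        excludedPIDs.remove(pid(of: message.pointee.process.pointee.audit_token))
    default:
        break
    }
}

/// Create the ES client and subscribe to the two notify events the tracker needs.
/// Requires the com.apple.developer.endpoint-security.client entitlement and user approval.
func startTracking() -> OpaquePointer? {
    var client: OpaquePointer?
    let result = es_new_client(&client) { _, message in track(message) }
    guard result == ES_NEW_CLIENT_RESULT_SUCCESS, let c = client else { return nil }
    let events = [ES_EVENT_TYPE_NOTIFY_EXEC, ES_EVENT_TYPE_NOTIFY_EXIT]
    guard es_subscribe(c, events, UInt32(events.count)) == ES_RETURN_SUCCESS else {
        es_delete_client(c)
        return nil
    }
    return c
}

/// Provider side: true when the flow comes from our app or from one of its WebKit helpers,
/// so handleNewFlow(_:) can return false and let the system handle it unproxied.
func flowIsOurs(_ flow: NEAppProxyFlow) -> Bool {
    guard let data = flow.metaData.sourceAppAuditToken,
          let token = auditToken(from: data) else { return false }
    excludedPIDsLock.lock(); defer { excludedPIDsLock.unlock() }
    return excludedPIDs.contains(pid(of: token))
}
```

Matching on the pid alone is deliberate here because `sourceAppAuditToken` and the ES token for the same process carry the same pid; comparing val.7 (pidversion) as well would close the small window between an exit and the removal from the set, at the cost of a few more lines.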

There isn’t a general-purpose responsible process API. If you search DevForums, you’ll find numerous places where I’ve talked about this notion before.

Is "responsible process API" a good thing to search for? (I'm not a good searcher.)

your product includes an ES client

It should, but we still have not gotten it, thus my asking a month or two ago if anyone had gotten it. Nobody responded either way.

FB10025641. Also, I see some suggestions about WKProcessPool -- does that end up being my process, or is it another launchd-created one?

FB10025641

Thanks.

Also, I see some suggestions about WKProcessPool -- does that end up being my process, or is it another launchd-created one?

WKProcessPool is an interface to group the helper processes created by WKWebView. Those processes are always managed by launchd.

If you’re curious about the background to this, I highly recommend watching WWDC 2018 Session 207 Strategies for Securing Web Content.

Share and Enjoy

Quinn “The Eskimo!” @ Developer Technical Support @ Apple
let myEmail = "eskimo" + "1" + "@" + "apple.com"

Sigh and alas.