Hello,
I'm using an NEFilterDataProvider to filter the HTTP/S flow of applications (based on bundleId). With the help of this forum, I can now retrieve the bundleId of the application's flow from the audit_token (sourceAppAuditToken). Unfortunately, for some applications (e.g., Safari), I get the bundleId of the isolated process that uses WebKit, but I would like to retrieve the bundleId of the responsible process (Safari).
My current solution is to obtain the responsible PID of the WebKit process and then retrieve the bundleId from this PID (SecCodeCopyGuestWithAttributes).
What is the correct way to get the bundleId of the responsible process?