[Private Browsing 2.0] Some trackers blocked by libnetcore aren't lis…

…ted in Privacy Report

https://bugs.webkit.org/show_bug.cgi?id=260024
rdar://112243760

Reviewed by Tim Horton and Matthew Finkel.

Currently, blocked tracking requests in Private Browsing mode are surfaced to Safari through the
navigation delegate method `-_webView:didFailLoadDueToNetworkConnectionIntegrityWithURL:`. Safari
then cross-references these URLs against another dataset of known trackers, and only shows blocked
domains in the Privacy Report UI, if the tracking domain matches one on this list. When blocking
CNAME-cloaked requests, this filtering means that unless the original request URL is itself a
known tracker, Safari will just omit this from the UI.

To fix this, we extract the host name of the endpoint that warranted blocking from libnetcore, and
replace the host name of the reported URL with this name instead: for instance, if "tracker.foo.com"
is a CNAME alias to "tracker.com", we'll report "tracker.com" instead of the original request,
"tracker.foo.com".

No new test, since this would require network request to a URL that's a CNAME alias, and which
mDNSResponder would map to a known tracking domain.

* Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj:
* Source/WebCore/PAL/pal/PlatformMac.cmake:
* Source/WebCore/PAL/pal/spi/cocoa/NetworkSPI.h: Renamed from Source/WebKit/Platform/spi/Cocoa/NWSPI.h.

Move this header from WebKit into PAL, so we can use it below. We also rename the file to the
(slightly-less-mysterious) `NetworkSPI.h`.

* Source/WebCore/platform/network/cf/ResourceError.h:
(WebCore::ResourceError::blockedKnownTracker const):
(WebCore::ResourceError::blockedTrackerHostName const):
* Source/WebCore/platform/network/mac/ResourceErrorMac.mm:
(extractBlockedTrackerHostName):

Change the `m_blockedKnownTracker` flag to a string: `m_blockedTrackerHostName`. The null string
represents that the request was not blocked.

(WebCore::ResourceError::platformLazyInit):
(failureIsDueToTrackerBlocking): Deleted.
* Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp:
(WebKit::NetworkResourceLoader::didFailLoading):

Use the `blockedTrackerHostName()` above to replace the reported URL's host when reporting the
failing URL to the UI process via `NetworkProcessProxy::DidBlockLoadToKnownTracker`.

* Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm:
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm:
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm:
* Source/WebKit/NetworkProcess/webrtc/NetworkRTCUtilitiesCocoa.h:
* Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm:

Change `NWSPI.h` imports to `<pal/spi/cocoa/NWSPI.h>`.

* Source/WebKit/WebKit.xcodeproj/project.pbxproj:

Canonical link: https://commits.webkit.org/266789@main

Source/WebCore/PAL/PAL.xcodeproj/project.pbxproj

@@ -293,6 +293,7 @@
 		F4C85A4E2658551A005B89CC /* QuickLookUISoftLink.mm in Sources */ = {isa = PBXBuildFile; fileRef = F4C85A4C26585519005B89CC /* QuickLookUISoftLink.mm */; };
 		F4DDD01B264DC69E00EF1B91 /* DataDetectorsCoreSoftLink.mm in Sources */ = {isa = PBXBuildFile; fileRef = F4DDD019264DC69E00EF1B91 /* DataDetectorsCoreSoftLink.mm */; };
 		F4E0875C266ACA53000F814A /* DataDetectorsSoftLink.mm in Sources */ = {isa = PBXBuildFile; fileRef = F4E0875A266ACA53000F814A /* DataDetectorsSoftLink.mm */; };
+		F4EC01B22A85432D00DA295D /* NetworkSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = F4EC01B12A85432D00DA295D /* NetworkSPI.h */; settings = {ATTRIBUTES = (Private, ); }; };
 /* End PBXBuildFile section */
 
 /* Begin PBXBuildRule section */
@@ -681,6 +682,7 @@
 		F4DDD01A264DC69E00EF1B91 /* DataDetectorsCoreSoftLink.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = DataDetectorsCoreSoftLink.h; sourceTree = "<group>"; };
 		F4E08759266ACA53000F814A /* DataDetectorsSoftLink.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = DataDetectorsSoftLink.h; sourceTree = "<group>"; };
 		F4E0875A266ACA53000F814A /* DataDetectorsSoftLink.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = DataDetectorsSoftLink.mm; sourceTree = "<group>"; };
+		F4EC01B12A85432D00DA295D /* NetworkSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = NetworkSPI.h; path = pal/spi/cocoa/NetworkSPI.h; sourceTree = SOURCE_ROOT; };
 /* End PBXFileReference section */
 
 /* Begin PBXFrameworksBuildPhase section */
@@ -1022,6 +1024,7 @@
 				CDACB35F23873E480018D7CE /* MediaToolboxSoftLink.h */,
 				F47221F5276FC32300B984C7 /* NaturalLanguageSoftLink.h */,
 				F47221F6276FC32300B984C7 /* NaturalLanguageSoftLink.mm */,
+				F4EC01B12A85432D00DA295D /* NetworkSPI.h */,
 				31647FAF251759DC0010F8FB /* OpenGLSoftLinkCocoa.h */,
 				31647FAE251759DB0010F8FB /* OpenGLSoftLinkCocoa.mm */,
 				A1F63C9D21A4DBF7006FB43B /* PassKitSoftLink.h */,
@@ -1321,6 +1324,7 @@
 				DD20DE1627BC90D80093D175 /* MobileGestaltSPI.h in Headers */,
 				DD20DD2027BC90D60093D175 /* NaturalLanguageSoftLink.h in Headers */,
 				DD20DDF027BC90D70093D175 /* NEFilterSourceSPI.h in Headers */,
+				F4EC01B22A85432D00DA295D /* NetworkSPI.h in Headers */,
 				DD20DDF127BC90D70093D175 /* NotifySPI.h in Headers */,
 				DD20DDF227BC90D70093D175 /* NSAccessibilitySPI.h in Headers */,
 				DD20DE2327BC90D80093D175 /* NSAppearanceSPI.h in Headers */,

Source/WebCore/PAL/pal/PlatformMac.cmake

@@ -88,6 +88,7 @@ list(APPEND PAL_PUBLIC_HEADERS
     spi/cocoa/NSURLFileTypeMappingsSPI.h
     spi/cocoa/NSUserDefaultsSPI.h
     spi/cocoa/NSXPCConnectionSPI.h
+    spi/cocoa/NetworkSPI.h
     spi/cocoa/NotifySPI.h
     spi/cocoa/PassKitInstallmentsSPI.h
     spi/cocoa/PassKitSPI.h

Source/WebKit/Platform/spi/Cocoa/NWSPI.h → Source/WebCore/PAL/pal/spi/cocoa/NetworkSPI.h

@@ -38,6 +38,7 @@ void nw_parameters_set_source_application(nw_parameters_t, audit_token_t);
 void nw_parameters_set_source_application_by_bundle_id(nw_parameters_t, const char*);
 void nw_parameters_set_attributed_bundle_identifier(nw_parameters_t, const char*);
 nw_endpoint_t nw_endpoint_create_host_with_numeric_port(const char* hostname, uint16_t port_host_order);
+const char* nw_endpoint_get_known_tracker_name(nw_endpoint_t);
 bool nw_nat64_does_interface_index_support_nat64(uint32_t ifindex);
 
 void nw_parameters_set_is_third_party_web_content(nw_parameters_t, bool is_third_party_web_content);

Source/WebCore/platform/network/cf/ResourceError.h

@@ -55,7 +55,9 @@ class ResourceError : public ResourceErrorBase {
     WEBCORE_EXPORT NSError *nsError() const;
     WEBCORE_EXPORT operator NSError *() const;
 
-    bool blockedKnownTracker() const { return m_blockedKnownTracker; }
+    bool blockedKnownTracker() const { return !m_blockedTrackerHostName.isEmpty(); }
+    const String& blockedTrackerHostName() const { return m_blockedTrackerHostName; }
+
     WEBCORE_EXPORT ErrorRecoveryMethod errorRecoveryMethod() const;
 
     static bool platformCompare(const ResourceError& a, const ResourceError& b);
@@ -74,7 +76,7 @@ class ResourceError : public ResourceErrorBase {
 
     mutable RetainPtr<NSError> m_platformError;
     bool m_dataIsUpToDate { true };
-    bool m_blockedKnownTracker { false };
+    String m_blockedTrackerHostName;
 };
 
 } // namespace WebCore

Source/WebCore/platform/network/mac/ResourceErrorMac.mm

@@ -28,22 +28,34 @@
 
 #import <CoreFoundation/CFError.h>
 #import <Foundation/Foundation.h>
+#import <pal/spi/cocoa/NetworkSPI.h>
 #import <wtf/BlockObjCExceptions.h>
 #import <wtf/NeverDestroyed.h>
 #import <wtf/URL.h>
 #import <wtf/text/WTFString.h>
 
-static bool failureIsDueToTrackerBlocking(NSError *error)
+static String extractBlockedTrackerHostName(const URL& failingURL, NSError *error)
 {
 #if ENABLE(ADVANCED_PRIVACY_PROTECTIONS)
     for (NSError *underlyingError in error.underlyingErrors) {
-        if ([[underlyingError.userInfo objectForKey:@"_NSURLErrorBlockedTrackerFailureKey"] boolValue])
-            return true;
+        auto userInfo = underlyingError.userInfo;
+        if ([userInfo[@"_NSURLErrorBlockedTrackerFailureKey"] boolValue]) {
+            String blockedTrackerName;
+            if (id failingPath = userInfo[@"_NSURLErrorNWPathKey"]) {
+                auto failingEndpoint = adoptNS(nw_path_copy_effective_remote_endpoint(failingPath));
+                if (auto* hostName = nw_endpoint_get_known_tracker_name(failingEndpoint.get()))
+                    blockedTrackerName = String::fromUTF8(hostName);
+                else
+                    blockedTrackerName = failingURL.host().toString();
+            }
+            return blockedTrackerName;
+        }
     }
 #else
+    UNUSED_PARAM(failingURL);
     UNUSED_PARAM(error);
 #endif
-    return false;
+    return { };
 }
 
 @interface NSError (WebExtras)
@@ -220,7 +232,7 @@ - (void)encodeWithCoder:(NSCoder *)coder
     m_localizedDescription = m_failingURL.string();
     BEGIN_BLOCK_OBJC_EXCEPTIONS
     m_localizedDescription = [m_platformError _web_localizedDescription];
-    m_blockedKnownTracker = failureIsDueToTrackerBlocking(m_platformError.get());
+    m_blockedTrackerHostName = extractBlockedTrackerHostName(m_failingURL, m_platformError.get());
     END_BLOCK_OBJC_EXCEPTIONS
 
     m_dataIsUpToDate = true;

Source/WebKit/NetworkProcess/NetworkResourceLoader.cpp

@@ -1117,8 +1117,11 @@ void NetworkResourceLoader::didFailLoading(const ResourceError& error)
     if (m_parameters.pageHasResourceLoadClient)
         m_connection->networkProcess().parentProcessConnection()->send(Messages::NetworkProcessProxy::ResourceLoadDidCompleteWithError(m_parameters.webPageProxyID, resourceLoadInfo(), { }, error), 0);
 #if ENABLE(ADVANCED_PRIVACY_PROTECTIONS)
-    if (error.blockedKnownTracker())
-        m_connection->networkProcess().parentProcessConnection()->send(Messages::NetworkProcessProxy::DidBlockLoadToKnownTracker(m_parameters.webPageProxyID, error.failingURL()), 0);
+    if (error.blockedKnownTracker()) {
+        auto effectiveBlockedURL = error.failingURL();
+        effectiveBlockedURL.setHost(error.blockedTrackerHostName());
+        m_connection->networkProcess().parentProcessConnection()->send(Messages::NetworkProcessProxy::DidBlockLoadToKnownTracker(m_parameters.webPageProxyID, WTFMove(effectiveBlockedURL)), 0);
+    }
 #endif
     cleanup(LoadResult::Failure);
 }

Source/WebKit/NetworkProcess/cocoa/NetworkDataTaskCocoa.mm

@@ -32,7 +32,6 @@
 #import "Download.h"
 #import "DownloadProxyMessages.h"
 #import "Logging.h"
-#import "NWSPI.h"
 #import "NetworkIssueReporter.h"
 #import "NetworkProcess.h"
 #import "NetworkSessionCocoa.h"
@@ -47,6 +46,7 @@
 #import <WebCore/ResourceRequest.h>
 #import <WebCore/TimingAllowOrigin.h>
 #import <pal/spi/cf/CFNetworkSPI.h>
+#import <pal/spi/cocoa/NetworkSPI.h>
 #import <wtf/BlockPtr.h>
 #import <wtf/FileSystem.h>
 #import <wtf/MainThread.h>

Source/WebKit/NetworkProcess/webrtc/NetworkRTCTCPSocketCocoa.mm

@@ -31,10 +31,10 @@
 #include "DataReference.h"
 #include "LibWebRTCNetworkMessages.h"
 #include "Logging.h"
-#include "NWSPI.h"
 #include "NetworkRTCUtilitiesCocoa.h"
 #include <WebCore/STUNMessageParsing.h>
 #include <dispatch/dispatch.h>
+#include <pal/spi/cocoa/NetworkSPI.h>
 #include <wtf/BlockPtr.h>
 
 namespace WebKit {

Source/WebKit/NetworkProcess/webrtc/NetworkRTCUDPSocketCocoa.mm

@@ -31,11 +31,11 @@
 #include "DataReference.h"
 #include "LibWebRTCNetworkMessages.h"
 #include "Logging.h"
-#include "NWSPI.h"
 #include <WebCore/STUNMessageParsing.h>
 #include <dispatch/dispatch.h>
 #include <ifaddrs.h>
 #include <net/if.h>
+#include <pal/spi/cocoa/NetworkSPI.h>
 #include <wtf/BlockPtr.h>
 #include <wtf/SoftLinking.h>
 #include <wtf/ThreadSafeRefCounted.h>

Source/WebKit/NetworkProcess/webrtc/NetworkRTCUtilitiesCocoa.h

@@ -27,8 +27,8 @@
 
 #if USE(LIBWEBRTC)
 
-#include "NWSPI.h"
 #include <optional>
+#include <pal/spi/cocoa/NetworkSPI.h>
 #include <webrtc/rtc_base/dscp.h>
 #include <wtf/Forward.h>
 

Source/WebKit/Platform/cocoa/WebPrivacyHelpers.mm

@@ -29,10 +29,10 @@
 #if ENABLE(ADVANCED_PRIVACY_PROTECTIONS)
 
 #import "Logging.h"
-#import "NWSPI.h"
 #import <WebCore/DNS.h>
 #import <WebCore/LinkDecorationFilteringData.h>
 #import <pal/spi/cf/CFNetworkSPI.h>
+#import <pal/spi/cocoa/NetworkSPI.h>
 #import <wtf/BlockPtr.h>
 #import <wtf/NeverDestroyed.h>
 #import <wtf/RobinHoodHashMap.h>

Source/WebKit/WebKit.xcodeproj/project.pbxproj

@@ -922,7 +922,6 @@
 		41D129DA1F3D101800D15E47 /* WebCacheStorageProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = 41D129D91F3D101400D15E47 /* WebCacheStorageProvider.h */; };
 		41DC45961E3D6E2200B11F51 /* NetworkRTCProvider.h in Headers */ = {isa = PBXBuildFile; fileRef = 41DC45941E3D6E1E00B11F51 /* NetworkRTCProvider.h */; };
 		41DC459C1E3DBB2800B11F51 /* LibWebRTCSocketClient.h in Headers */ = {isa = PBXBuildFile; fileRef = 41DC459A1E3DBB2400B11F51 /* LibWebRTCSocketClient.h */; };
-		41DD72AB2682167300A90C71 /* NWSPI.h in Headers */ = {isa = PBXBuildFile; fileRef = 41DD72AA2682167300A90C71 /* NWSPI.h */; };
 		41E0A7CB23B645CD00561060 /* WebSocketChannel.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 417915AC2256BB7400D6F97E /* WebSocketChannel.cpp */; };
 		41E242E026E0C908009A8C64 /* NetworkRTCUtilitiesCocoa.mm in Sources */ = {isa = PBXBuildFile; fileRef = 41E242DF26E0C904009A8C64 /* NetworkRTCUtilitiesCocoa.mm */; };
 		41F060E11654318500F3281C /* WebSocketChannelMessageReceiver.cpp in Sources */ = {isa = PBXBuildFile; fileRef = 41F060DD1654317500F3281C /* WebSocketChannelMessageReceiver.cpp */; };
@@ -4620,7 +4619,6 @@
 		41DC45A01E3DC53C00B11F51 /* WebRTCResolver.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = WebRTCResolver.cpp; path = Network/webrtc/WebRTCResolver.cpp; sourceTree = "<group>"; };
 		41DD72A6267B8C3000A90C71 /* NetworkRTCUDPSocketCocoa.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = NetworkRTCUDPSocketCocoa.mm; sourceTree = "<group>"; };
 		41DD72A7267B8C3100A90C71 /* NetworkRTCUDPSocketCocoa.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = NetworkRTCUDPSocketCocoa.h; sourceTree = "<group>"; };
-		41DD72AA2682167300A90C71 /* NWSPI.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = NWSPI.h; sourceTree = "<group>"; };
 		41E0A7C623B6397800561060 /* LibWebRTCCodecsProxy.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = LibWebRTCCodecsProxy.h; sourceTree = "<group>"; };
 		41E0A7C723B6397900561060 /* LibWebRTCCodecsProxy.messages.in */ = {isa = PBXFileReference; lastKnownFileType = text; path = LibWebRTCCodecsProxy.messages.in; sourceTree = "<group>"; };
 		41E0A7C823B6397900561060 /* LibWebRTCCodecsProxy.mm */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.cpp.objcpp; path = LibWebRTCCodecsProxy.mm; sourceTree = "<group>"; };
@@ -9817,7 +9815,6 @@
 				574217912400E098002B303D /* LocalAuthenticationSPI.h */,
 				57B826402304EB3E00B72EB0 /* NearFieldSPI.h */,
 				3754D5441B3A29FD003A4C7F /* NSInvocationSPI.h */,
-				41DD72AA2682167300A90C71 /* NWSPI.h */,
 				F4EB4AFC269CD23600D297AE /* OSStateSPI.h */,
 				5CB6AE432609799C00B6ED5A /* ReasonSPI.h */,
 				0E97D74C200E8FF300BF6643 /* SafeBrowsingSPI.h */,
@@ -14559,7 +14556,6 @@
 				1C20936022318CB000026A39 /* NSAttributedString.h in Headers */,
 				1C2184022233872800BAC700 /* NSAttributedStringPrivate.h in Headers */,
 				3754D5451B3A29FD003A4C7F /* NSInvocationSPI.h in Headers */,
-				41DD72AB2682167300A90C71 /* NWSPI.h in Headers */,
 				BC8ACA1316670D89004C1941 /* ObjCObjectGraph.h in Headers */,
 				3AE104C029CBC8BB00661165 /* OriginQuotaManager.h in Headers */,
 				93085DCA26E29775000EC6A7 /* OriginStorageManager.h in Headers */,