I'm developing an application extension for an already released Mac application. I need to share the keychain items between the application and the extension. I am able to successfully "share" the keychain items between the application and the extension in terms of reading the items. The problem is when I try to remove the keychain items from the application.
Both the application and extension have a keychain-access-group specified in the entitlements and are specifying the access group with the application prefix when making calls to SecItemCopyMatching, SecItemAdd, and SecItemDelete.
Basically, the keychain items are created and deleted from the application. The extension only reads the keychain items via SecItemCopyMatching. The problem is that any items the extension reads can't be deleted by the application later, as SecItemDelete fails with the error below.
SecItemDelete returns -25244, which is "Invalid attempt to change the owner of this item".
I can't find any documentation of what this error means, or why calling SecItemCopyMatching would change the "owner" of the keychain items to the extension.
FYI, I am using UIKeyChainStore for interacting with the keychain, though at this time I don't believe it is the cause of the problem.
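The call sequence the question describes (the app adds and deletes a generic-password item, the extension reads it, every call carrying the same prefixed access group), as an added example written directly against the Security framework; it is not the poster's code and does not use UIKeyChainStore. The access group `ABCDE12345.com.example.shared`, the service name, the account name and the secret are hypothetical placeholders. `describe` maps the -25244 status to its symbolic name, `errSecInvalidOwnerEdit`, so that the failure is recognisable in logs.

```swift
import Foundation
import Security

// Hypothetical values: the app-identifier-prefixed access group that both
// targets list under keychain-access-groups, and a shared service name.
let sharedAccessGroup = "ABCDE12345.com.example.shared"
let sharedService = "com.example.shared.credentials"

/// Base query shared by every call. Class, service, account and access group
/// are identical in the app and the extension, so both address the same item.
func baseQuery(account: String) -> [String: Any] {
    return [
        kSecClass as String: kSecClassGenericPassword,
        kSecAttrService as String: sharedService,
        kSecAttrAccount as String: account,
        kSecAttrAccessGroup as String: sharedAccessGroup,
    ]
}

/// Add a secret, or update the payload if the item already exists.
/// In the scenario from the question only the app calls this.
func storeSecret(_ secret: Data, account: String) -> OSStatus {
    var attrs = baseQuery(account: account)
    attrs[kSecValueData as String] = secret
    let status = SecItemAdd(attrs as CFDictionary, nil)
    if status == errSecDuplicateItem {
        let update = [kSecValueData as String: secret] as CFDictionary
        return SecItemUpdate(baseQuery(account: account) as CFDictionary, update)
    }
    return status
}

/// Read a secret. This is the only keychain call the extension makes.
func readSecret(account: String) -> (OSStatus, Data?) {
    var query = baseQuery(account: account)
    query[kSecReturnData as String] = true
    query[kSecMatchLimit as String] = kSecMatchLimitOne
    var result: CFTypeRef?
    let status = SecItemCopyMatching(query as CFDictionary, &result)
    return (status, result as? Data)
}

/// Delete a secret from the app; returns the raw status so callers can
/// distinguish errSecItemNotFound from errSecInvalidOwnerEdit.
func deleteSecret(account: String) -> OSStatus {
    return SecItemDelete(baseQuery(account: account) as CFDictionary)
}

/// Human-readable status, naming the -25244 case explicitly.
func describe(_ status: OSStatus) -> String {
    if status == errSecInvalidOwnerEdit {
        return "errSecInvalidOwnerEdit (\(status)): item is owned by another client"
    }
    if let message = SecCopyErrorMessageString(status, nil) {
        return "\(message as String) (\(status))"
    }
    return "OSStatus \(status)"
}

// Walk the sequence from the question: add, read, then delete.
let account = "user@example.com"            // hypothetical
let secret = Data("not-a-real-secret".utf8) // constructed sample payload
print("add:    \(describe(storeSecret(secret, account: account)))")
let (readStatus, payload) = readSecret(account: account)
print("read:   \(describe(readStatus)), \(payload?.count ?? 0) bytes")
print("delete: \(describe(deleteSecret(account: account)))")
```

Run the add and delete steps from the app target and the read step from the extension target, with both targets built with the same keychain-access-groups entitlement, to reproduce the ordering the question describes. One check worth making while doing so: on macOS 10.15 and later, access groups are enforced by the data-protection keychain, which a query opts into with `kSecUseDataProtectionKeychain: true`; the legacy file-based login keychain does not partition items by access group, so results can differ depending on which keychain the items actually landed in.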