List of system privileges

OK, thanks a lot for you help! I'll get in touch via DTS soon.

Honestly, I think your life would be easier if you switched to the
iOS-style keychain.

After digging into this some more I’ve learnt that this isn’t an option: The iOS-style keychain is not available to macOS daemons. NE sysexes are effectively daemons, and thus can’t use the iOS-style keychain )-: Like all daemons, they are restricted to using the file-based keychain.

Additionally, an NE sysex is sandboxed, so it will run into sandbox violations if it tries to use the System keychain. This is the source of the EPERM (100001) error reported by jaroslavqwerty. I don’t have any clear advice on how to get around this right now — the situation is still evolving — so if you run into this problem then please post a follow-up on this thread.

Share and Enjoy
—
Quinn “The Eskimo!” @ Developer Technical Support @ Apple 761174737
let myEmail = "eskimo" + "1" + "@apple.com"

As I see there are more people interested in this topic in other threads, here is what works from inside the System Extension to save/load password to/from the Keychain:

Save password:

var query = [String: Any]()
query[kSecAttrAccessGroup as String] = accessGroup
query[kSecAttrService as String] = context
query[kSecClass as String] = kSecClassGenericPassword
query[kSecAttrAccount as String] = username
query[kSecAttrAccessible as String] = kSecAttrAccessibleAfterFirstUnlock
query[kSecValueData as String] = password.data(using: .utf8)
let status = SecItemAdd(query as CFDictionary, nil)

Load password:

var query = [String: Any]()
query[kSecAttrAccessGroup as String] = accessGroup
query[kSecAttrService as String] = context
query[kSecClass as String] = kSecClassGenericPassword
query[kSecAttrAccount as String] = username
query[kSecMatchLimit as String] = kSecMatchLimitOne
query[kSecReturnData as String] = true
var result: AnyObject?
switch SecItemCopyMatching(query as CFDictionary, &result) {

Password appears in the System keychain