I'm developing a macOS FileProvider extension which provides decrypted views of folders encrypted by our main application. If the user logs out of our app, the FileProvider re-enumerates the encrypted folder, replacing all the plain-text item names with their on-disk encrypted names, and any attempts to open an encrypted file will return encrypted garbage. This all works successfully for the most part.
But if a given file has already been opened before the logout, the system still has its decrypted contents as a materialized item -- and while it won't open in its normal application, an "Open With" can still view the decrypted contents.
Basically, is there a way to force the system to invalidate and remove the materialized copy of an item? At the moment I'm tracking all items in my working set, and not tracking materialized items separately... do I need to implement a separate set? Is it as simple as preserving the URL of any item whose contents I fetch, and then deleting that URL?
Including the item in the set of re-enumerated items when the parent folder calls enumerateChanges doesn't seem to be enough to indicate that local contents are now invalid. How do I do that?