Open Radar

 
Summary:
The attached sample application tries to determine whether the current device has a PIN/passcode set by writing an item to the keychain with the kSecAttrAccessibleWhenPasscodeSetThisDeviceOnly attribute set, and then reads it back.  If the read-back is successful, the device has a PIN/passcode set.  This code works great on iOS 8, but on iOS 9 beta 5 I see spurious error return codes from the keychain API including errSecDuplicateItem and errSecParam.  Additionally I see numerous console error messages from securityd along the lines of "SecDbRecordChange db <SecDbConnection rw open> changed outside txn".

Steps to Reproduce:
1. Unzip and build the attached sample app.
2. Run the sample app on an iOS 9 beta 5 device that has a device PIN/passcode set.
3. Tap on the "Run Test" button to start a timer loop executing the code in question every 0.1 seconds. 
4. Observe the device console log while running the app over an extended period.
5. You can also set a breakpoint in the error cases in the method devicePINStatus in UIDevice+DevicePIN.m


Expected Results:
devicePINStatus should *always* return DevicePINStatusEnabled, and there should be no error messages in the console logs.

Actual Results:
On an iOS 8 device this runs perfectly.
On an iOS 9 meta 5 device I see spurious errors from the keychain API

Version:
iOS 9 beta 5

Notes:


Configuration:
iOS 9 beta 5 device is an iPad Air 2, iOS 8 device is an iPad 2 WiFi running 8.4.1

Attachments:
'DocTest2.zip' was successfully uploaded.