System Integrity Protection is a security feature in macOS that protects the system shipped by Apple. By protecting access to system locations and restricting runtime attachment to system processes, this security policy guards against compromise — whether accidental or by malicious code.
macOS applies this security policy to every process running on the system, regardless of whether it’s running with administrative privileges or running unsandboxed.
If your app is distributed through the Mac App Store, System Integrity Protection has no impact because App Sandbox security policies are more restrictive.
If your app is not distributed through the Mac App Store, System Integrity Protection may have an impact.
At a Glance
This document covers the key concepts of System Integrity Protection and explains the implications it has on the design and capabilities of apps.
System Locations Cannot Be Written To
System files can be modified only by system processes signed with Apple’s code signing identity. App processes should instead write to locations designated for third-party developers.
Relevant Chapter: File System Protections
System Processes Cannot Be Attached To
System binaries can be modified only by Apple Installer and Software Update from Apple-provided packages, and no longer permit runtime attachment or code injection.
Relevant Chapter: Runtime Protections
Kernel Extensions Must Be Signed
Kernel extensions must be signed with a Developer ID for Signing Kexts certificate.
Relevant Chapter: Kernel Extensions
System Integrity Protection Is Configured On Recovery OS
Security configuration is stored in NVRAM, and applies to the entire machine Persists across OS install. You can enable and disable System Integrity Protection by booting to Recovery OS and running the
Relevant Chapter: Configuring System Integrity Protection
Read Security Overview to understand the technologies used to make macOS secure.
For more information about kernel extensions, read the Kernel Programming Guide.