koekeishiya/yabai

System Integrity Protection

koekeishiya opened this issue · 0 comments

The following features of yabai require System Integrity Protection to be (partially) disabled:

  • focus/move/swap/create/destroy space
  • remove window shadows
  • enable window transparency
  • enable window animations
  • scratchpad windows
  • control window layers (make windows appear topmost or on the desktop)
  • sticky windows (make windows appear on all spaces on the display that contains the window)
  • toggle picture-in-picture for any given window

If you do not care about the above set of features you can use yabai just fine without touching SIP settings.

I am aware of solutions that try to re-create some of these features without touching SIP, but the reality is that there is no way to implement said features properly without functional limitations when SIP is enabled.

Now, why do these features require SIP to be disabled?

The entire spaces system in macOS is implemented in Dock.app, but uses some underlying API calls that are implemented in SkyLight.framework. To properly interact with spaces we need to inject code into the Dock process such that we are able to modify and update these internal data structures.

In addition to this, the Dock process is also flagged as a universal owner; its connection to the WindowServer has elevated privileges and is authorized to modify window properties that can otherwise only be set by the application that the window belongs to.

To inject code into the Dock we use the mach APIs; in particular task_for_pid. With access to the task port we are able to load our own code into that process' address space to add additional capabilities. Injection is in-memory only and it does not alter any file on disk.
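For auditing which SIP protections a machine has lifted, the following C code decodes a `csr-active-config` value and flags the bit that governs `task_for_pid`. It is an added example, not part of the original issue or yabai's code: the function names are hypothetical, the flag positions follow XNU's `bsd/sys/csr.h`, the input format (the value field printed by `nvram csr-active-config`) is an assumption, and the sample value is constructed.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Index = bit position of CSR_ALLOW_* in XNU's bsd/sys/csr.h; a set bit lifts that protection. */
static const char *const csr_names[] = {
    "UNTRUSTED_KEXTS", "UNRESTRICTED_FS", "TASK_FOR_PID", "KERNEL_DEBUGGER",
    "APPLE_INTERNAL", "UNRESTRICTED_DTRACE", "UNRESTRICTED_NVRAM", "DEVICE_CONFIGURATION",
    "ANY_RECOVERY_OS", "UNAPPROVED_KEXTS", "EXECUTABLE_POLICY_OVERRIDE", "UNAUTHENTICATED_ROOT",
};
#define CSR_ALLOW_TASK_FOR_PID (1u << 2)

/* Assumed input: four little-endian bytes, printable ones literal, the rest as %xx. */
int parse_nvram_csr(const char *s, uint32_t *out) {
    uint32_t v = 0;
    int n = 0;
    while (*s && n < 4) {
        unsigned b = (unsigned char)*s++;
        if (b == '%') { /* escaped byte: exactly two hex digits must follow */
            if (!isxdigit((unsigned char)s[0]) || !isxdigit((unsigned char)s[1])) return -1;
            sscanf(s, "%2x", &b);
            s += 2;
        }
        v |= (uint32_t)b << (8 * n++);
    }
    if (n != 4 || *s) return -1; /* truncated value or trailing data */
    *out = v;
    return 0;
}

/* Writes the comma-separated names of lifted protections into buf; returns how many. */
int csr_lifted(uint32_t cfg, char *buf, size_t len) {
    int count = 0;
    buf[0] = '\0';
    for (unsigned bit = 0; bit < sizeof csr_names / sizeof *csr_names; bit++) {
        if (!(cfg & (1u << bit))) continue;
        if (count++) strncat(buf, ",", len - strlen(buf) - 1);
        strncat(buf, csr_names[bit], len - strlen(buf) - 1);
    }
    return count;
}
int sip_allows_task_for_pid(uint32_t cfg) { return (cfg & CSR_ALLOW_TASK_FOR_PID) != 0; }

int main(void) {
    uint32_t cfg; char buf[256];
    if (parse_nvram_csr("w%08%00%00", &cfg)) return 1; /* constructed sample value */
    csr_lifted(cfg, buf, sizeof buf);
    printf("0x%03x task_for_pid=%d lifted=[%s]\n", (unsigned)cfg, sip_allows_task_for_pid(cfg), buf);
    return 0;
}
```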