The INSTALL_ROOT setting is what worked for me.

So at least Zoom and Skype have disabled library validation to allow DAL plugins, for now, but we're still not able to provide those for Safari or FaceTime (at least on 10.14, which is what I checked), or Chrome, which is a pretty major holdout with this. @ieo my research indicates that a kext could be made that emulates a UVC (USB Video Class) device, which should be picked up by CoreMedia without a 3rd party DAL plugin. However, this seems like a daunting task, and is not a great proposition from either a stability or security perspective, either.

@couture.visicom I have filed a bug report as FB8183080 - http://www.openradar.me/FB8183080 and a DTS case (741882936) that came back as "no workaround at this time." So I guess we're still in limbo! In the meantime, though, at least Zoom and Skype have disabled library validation, so that DAL plugins work with at least those apps. Web browsers are still an issue, though.

As there is no apparent solution, yet, I also filed a bug as radr://FB8183080

Have you heard of any updates? I've also filed a DTS case on this, but no case file, yet. I am also looking at how it might be possible run a deamon that checks and disables code signing on the known apps, eg. Zoom, Skype, etc, and disables it, possibly with a user prompt, but I would put that squarely in the sketchy, last resort category, as it is very intrusive and definitely not improving security.