I've been developing an MacOS app for a while and everything was going smoothly until one of the testers reported that the app was crashing on launch.
After investigation, we discovered that he had System Integrity Protection disabled. I could reproduce the error by disabling SIP:
Library not loaded: @rpath/myframework.framework/myframework
Referenced from: <4C129258-1BF8-3D30-9AFE-BF4206D0A767> /Applications/MyApp.app/Contents/MacOS/MyApp
Reason: , (security policy does not allow @ path expansion)
(terminated at launch; ignore backtrace)
The app launches normally if I reenable SIP.
I can't find information about "security policy does not allow @ path expansion".
I'll appreciate if someone can point me in the right direction.
There are two factors that come into play here: the restrictions the OS places on your binary because of its privilege, and the protections that are applied to your binary based on its configuration.
The OS starts restricting use of @ path expansion when your process is restricted because of its privilege. That means it has restricted entitlements, a __restrict section or is setuid/setgid.
The normal way to get @ path expansion allowed again is to have "Library Validation" enabled. Now, if your app is opted into the Hardened Runtime, and SIP is on, then your app gets Library Validation by default. When you turn SIP Off, Hardened Runtime protections are no longer applied so your app loses Library Validation.
You can force library validation on explicitly by adding "-o library" to the "Other Code Signing Flags" configuration item in Xcode for your target.