I'm looking for a solution to install a binary on a macOS system where System Integrity Protection (SIP) is enabled, and the target installation location is protected by SIP. I need to achieve this without booting into recovery mode to disable SIP.
Is there any method to achieve this, such as by creating separate packages that can handle SIP-protected locations, developing or using installer applications capable of navigating SIP constraints, leveraging specific entitlements or permissions to facilitate the installation, or utilising Mobile Device Management (MDM) solutions for deployment?
If anyone has experience or insights on any reliable ways to accomplish this, please share any detailed steps, tools, or best practices that could be useful.