Hey there-
I'm writing some software to perform hashing of installed applications, and want to ignore Apple's preloaded (SIP protected) applications, so that I don't get false alarms when a user upgrades macOS (they're sufficiently protected already). Is there any way to programmatically determine which application paths are protected by SIP, or a test that doesn't involve trying to write to them? I had initially thought that examining the codesign for "Software Signing" would be sufficient, but as it turns out some components of Xcode (such as ld) are also signed with that cert. I couldn't find a sandbox profile anywhere referencing these either.
Jonathan
