I wonder if XtraFinder will be able to pull this off again under macOS 11 (Big Sur).
AFAICT there are two new security hardenings in Big Sur related to our case:
- Library Validation: the Finder binary is newly marked as a platform binary, so system prevents loading/injecting any non-platform code into it even with SIP fully disabled, see how to disable it here: macOS Big Sur and TotalFinder
- Signed System Volume: https://eclecticlight.co/2020/06/25/big-surs-signed-system-volume-added-security-protection
If I remember correctly, XtraFinder relies on the fact that FileProvider framework loads extra “plugins” from this location[1] without checking for apple/platform signatures. Maybe Apple had a reason to not check for the signatures, so they could not easily fix it. Even if this is still the case under Big Sur, it seems with Signed System Volume filesystem-level modification of anything under /System will be a royal pain in the ass…
Let’s see. I would reconsider implementing it if there was a sane way how to circumvent SIP in Finder injection case.
[1] /System/Library/PrivateFrameworks/FileProvider.framework/OverrideBundle.