Snake&Apple X.NU
Introduction to macOS hybrid kernel XNU
INTRO
Welcome to another article in the series on macOS security internals!
Up to this point, we have focused on userland, examining mechanisms safeguarding macOS at the application layer, such as Code Signing or TCC.
Some of the described features, such as Quarantine, AMFI, or Sandbox, are implemented as kernel extensions that bridge userland and kernel operations.
In this article, we transition from userland to kernel space, focusing on XNU — the core of macOS. We will discuss why XNU is considered a hybrid kernel by examining its integration of the Mach and BSD components.
It was hard to cover everything in one place, so I split this article into several parts and placed the links in the text, so you can follow them as you read. Even so, this article only briefly introduces the macOS kernel world; there is much more to explore!
The table below summarizes all of the subjects described in this article: