I mean I already knew something was weird when I couldnt su into root and do... root things without a bios hack on a Mac. Thats just not how Unix works at all... The whole concept of root is you are root no exceptions.
That's absolutely not true. For instance, the BSDs have the notion of securelevels (https://man.openbsd.org/securelevel.7) which severely limits what even the root user can do. SELinux can do a lot of the same things.
I don't know about bsd, but there's lots of documentation on how selinux works (including source code) and information on how to alter its behavior in a fine-grained fashion. and selinux doesn't leave itself a backdoor (as far as the nsa has told us)
That's a different issue, though. Today, booting into macOS is similar to booting into a BSD with securelevel=1 enabled, or into Linux with SELinux set up not to allow modifying files in /bin or such.
Ah I'm more familiar with Linux so that's my bad, it was still a shocking and annoying observation I had. It doesn't fully bother me cause I never even need full on root on a Mac but this one time I did and having to tell my wife (girlfriend at the time) how to do all of that over the phone was just suspect, just so she could root a tablet that had a kill switch (Nvidia Shield Tablet).