I mean I already knew something was weird when I couldnt su into root and do... root things without a bios hack on a Mac. Thats just not how Unix works at all... The whole concept of root is you are root no exceptions.
That's absolutely not true. For instance, the BSDs have the notion of securelevels (https://man.openbsd.org/securelevel.7) which severely limits what even the root user can do. SELinux can do a lot of the same things.
I don't know about bsd, but there's lots of documentation on how selinux works (including source code) and information on how to alter its behavior in a fine-grained fashion. and selinux doesn't leave itself a backdoor (as far as the nsa has told us)
That's a different issue, though. Today, booting into macOS is similar to booting into a BSD with securelevel=1 enabled, or into Linux with SELinux set up not to allow modifying files in /bin or such.