by kmeisthax
1809 days ago
The problem isn't that TCC grants a Unix file permission bypass - because it doesn't, at least not on its own. The problem is that ordinary users can create APFS snapshots via Time Machine, and then mount them with Unix permissions disabled (noowners). When Apple was told about this they decided to gate the snapshot mounting stuff... behind Full Disk Access, not being an admin. And Finder has FDA, because of course it does, otherwise users wouldn't be able to use their own filesystem rights at all. All of this smacks of different parts of the macOS core team not understanding their security model. One half seems to think Full Disk Access just means "has the user's file system permissions instead of sandboxed access" (hence why Finder has it), while the other thinks it means "access the whole disk, regardless of other permissions". Both interpretations are reasonable but become unreasonable when combined into a single system.