Carrier locks work at SoC/bootloader level. In simple terms the modem - which has its own Baseband Processor - is tuned to certain frequencies / bands or programmed to register with only one MCC/MNC which identifies a universally unique carrier. MCC/MNC is part of IMSI which is stored on SIM card and used in initial authentication process when device goes online.
Both modem (which is integrated in SoC) and SIM (which is a Java card Secure Element) are completely isolated from Application Processor (the one on which Android OS runs);
they have their own processors, OS and possibly storage. Modem's communication protocol (through RIL) is usually vendor-specific and closed source (used to be simply ATC in good old days). Communication to SIM (APDU commands) is also routed through BP. So the unlocking workarounds aren't very straightforward but hacks do exist and they work, usually through special hardware/software.
Mostly modems accept some kind of dial code for SIM unlock, which is calculated by passing phone's IMEI through some mathematical functions, which are cracked by hackers sometimes. Another approach is to communicate with modem thorough some service mode e.g. Diagnostic Mode (DM) on Qualcomm SoC's (see this recent example), or possibly go even below that and directly use UART/JTAG entirely bypassing Android OS. So there is no standardization and official/unofficial unlocking methods largely vary from vendor to vendor and device to device.