Summary of the new feature / enhancement

```csharp
class SystemPolicy
{
    public static SystemEnforcementMode GetSystemLockdownPolicy();
    public static SystemEnforcementMode GetLockdownPolicy(string path, SafeHandle handle);
    public static SystemScriptFileEnforcement GetFilePolicyEnforcement(string filePath, FileStream fileStream);
}
```
`SystemPolicy.GetSystemLockdownPolicy()` and `SystemPolicy.GetLockdownPolicy(string, SafeHandle)` are useful methods for a binary module when the module needs to take the WDAC environment into account, such as `Microsoft.PowerShell.ThreadJob`. However, when building the `ThreadJob` module against `PowerShellStandard.Library`, we have to call those 2 methods by reflection.

I understand they are not included today because those APIs don't exist on Unix platforms. PowerShell/PowerShell#25051 makes those methods available on Unix platforms as stubs which always return `SystemEnforcementMode.None`. So, after 7.5 reaches EOL, we can publish a new `PowerShellStandard.Library` package to include those 2 methods.
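To make the reflection workaround concrete, here is an added example (not code from this issue or from the ThreadJob module) of how a binary module compiled against `PowerShellStandard.Library` can probe for the two methods at runtime. It assumes the `SystemPolicy` type lives in `System.Management.Automation.Security` inside the same assembly as `PSObject`, that `GetLockdownPolicy` accepts a null `SafeHandle` when only a path is supplied, and that a missing type or method should be treated the same way the Unix stubs are: as `SystemEnforcementMode.None`. The helper names (`LockdownPolicyProbe`, `GetSystemLockdownPolicyName`, `GetLockdownPolicyName`, `IsEnforced`) are invented for this example.

```csharp
using System;
using System.Management.Automation;
using System.Reflection;
using System.Runtime.InteropServices;

// Added example, not from the issue or the ThreadJob project.
// Resolves SystemPolicy.GetSystemLockdownPolicy() and
// SystemPolicy.GetLockdownPolicy(string, SafeHandle) by reflection so the
// module compiles against PowerShellStandard.Library, and falls back to
// "None" where the API is absent (stub behaviour as in PowerShell#25051).
internal static class LockdownPolicyProbe
{
    // Assumption: the public type name in System.Management.Automation.
    private const string SystemPolicyTypeName =
        "System.Management.Automation.Security.SystemPolicy";

    // PSObject is referenced through PowerShellStandard.Library, so its
    // assembly is the host's System.Management.Automation at runtime.
    private static Type ResolvePolicyType()
    {
        Assembly sma = typeof(PSObject).Assembly;
        return sma.GetType(SystemPolicyTypeName, false);
    }

    private static MethodInfo ResolveMethod(string name, Type[] parameterTypes)
    {
        Type policyType = ResolvePolicyType();
        if (policyType == null)
        {
            return null;
        }

        return policyType.GetMethod(
            name,
            BindingFlags.Public | BindingFlags.Static,
            null,
            parameterTypes,
            null);
    }

    // Returns the enum member name ("None", "Audit", "Enforce") of the
    // system-wide lockdown policy, or "None" when the API is unavailable.
    public static string GetSystemLockdownPolicyName()
    {
        MethodInfo getPolicy = ResolveMethod("GetSystemLockdownPolicy", Type.EmptyTypes);
        if (getPolicy == null)
        {
            return "None";
        }

        object mode = getPolicy.Invoke(null, null);
        return mode?.ToString() ?? "None";
    }

    // Same for a specific file path. Assumption: a null SafeHandle is
    // accepted when the caller only has a path.
    public static string GetLockdownPolicyName(string path)
    {
        MethodInfo getPolicy = ResolveMethod(
            "GetLockdownPolicy",
            new[] { typeof(string), typeof(SafeHandle) });
        if (getPolicy == null)
        {
            return "None";
        }

        object mode = getPolicy.Invoke(null, new object[] { path, null });
        return mode?.ToString() ?? "None";
    }

    // Compare by enum name rather than numeric value so the check does not
    // depend on the underlying integer layout of SystemEnforcementMode.
    public static bool IsEnforced(string policyName)
    {
        return string.Equals(policyName, "Enforce", StringComparison.Ordinal);
    }
}
```

A module would call `LockdownPolicyProbe.IsEnforced(LockdownPolicyProbe.GetSystemLockdownPolicyName())` before deciding whether to run a script block in a constrained mode; once the two methods ship in `PowerShellStandard.Library`, the reflection layer can be replaced by direct calls with no behavioural change on hosts where the stubs return `None`.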
As for the `GetFilePolicyEnforcement` method, it's a little special (see PowerShell/PowerShell#25051 (comment)). The `GetFilePolicyEnforcement` method is not available in Windows PowerShell 5.1 on Win10 or Windows Server 2022. So, we probably should only include `GetSystemLockdownPolicy` and `GetLockdownPolicy` in `PowerShellStandard.Library` for the short/middle term. After Windows 10 and Windows Server 2022 reach EOL (or when the method becomes available on them), we can then add the `GetFilePolicyEnforcement` method to the package.
Proposed technical implementation details (optional)

No response