Skip to content

Make some SystemPolicy APIs visible but non-op on Unix so that they can be included in PowerShellStandard.Library #25051

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Mar 4, 2025
Merged

Make some SystemPolicy APIs visible but non-op on Unix so that they can be included in PowerShellStandard.Library #25051

merged 3 commits into from
Mar 4, 2025

Conversation

daxian-dbw
Copy link
Member

@daxian-dbw daxian-dbw commented Feb 19, 2025
edited
Loading

PR Summary

Some SystemPolicy APIs are useful outside of PowerShell, for example, the ThreadJob module depends on them to determine when to block a thread job from running. However, they are not included in the PowerShellStandard.Library package because they are Windows-only API so far. So, it's hard for a module to use it -- it has to invoke those method with reflection.

In order to include them in the PowerShellStandard.Library package, those APIs need to be available on both Windows and Unix platforms, so this PR make them visible but non-op on Unix, so that they can be included in PowerShellStandard.Library the next time we update that package.

class SystemPolicy
{
    public static SystemEnforcementMode GetSystemLockdownPolicy();
    public static SystemEnforcementMode GetLockdownPolicy(string path, SafeHandle handle);
    public static SystemScriptFileEnforcement GetFilePolicyEnforcement(string filePath, FileStream fileStream);
}

[Update] As pointed out in #25051 (comment), the GetFilePolicyEnforcement method is not available in Windows 5.1 on Win10 or Windows Server 2022. So, we probably should only include GetSystemLockdownPolicy and GetLockdownPolicy in PowerShellStandard.Library for the short/middle term. After Windows 10 and Windows Server 2022 reach EOL (or when the method becomes available on them) we can then add the GetFilePolicyEnforcement method to the package.

PR Checklist

@daxian-dbw daxian-dbw added the CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log label Feb 19, 2025
@daxian-dbw
Copy link
Member Author

@SeeminglyScience Where shall we open issues to track the changes needed for PowerShellStandard.Library package? The old repo https://github.com/[PowerShell/PowerShellStandard](https://github.com/PowerShell/PowerShellStandard) was archived. Maybe we should remove it from the archived state?

@iSazonov
Copy link
Collaborator

Perhaps we could annotate them with SupportedOSPlatformAttribute.

@jborean93
Copy link
Collaborator

How will this work across the Windows versions? The GetFilePolicyEnforcement method is not present in the baseline PowerShell 5.1 install and seems to have been introduced with Windows 11/Server 2025. What will happen if I am running on Server 2022 or Windows 10 and call that API?

@daxian-dbw
Copy link
Member Author

daxian-dbw commented Feb 21, 2025
edited
Loading

That's a very good point. I wasn't aware of it.
Then I think we only include GetSystemLockdownPolicy and GetLockdownPolicy to the PowerShellStandard.Library package for now. When Win10 and Windows Server 2022 reach EOL, we can create a new version of the package to include the GetFilePolicyEnforcement API.

[update] Opened the issue PowerShell/PowerShellStandard#103 to track the change to PowerShellStandard.Library.

@daxian-dbw daxian-dbw mentioned this pull request Feb 21, 2025
Open
TravisEz13
TravisEz13 reviewed Mar 4, 2025
View reviewed changes
TravisEz13
TravisEz13 approved these changes Mar 4, 2025
View reviewed changes
Copy link
Member

@TravisEz13 TravisEz13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, but waiting on @SeeminglyScience to verify one thing.

TravisEz13
TravisEz13 reviewed Mar 4, 2025
View reviewed changes
@daxian-dbw @TravisEz13
Update src/System.Management.Automation/CoreCLR/CorePsStub.cs
8161cb7 
Co-authored-by: Travis Plunk <travis.plunk@microsoft.com>
TravisEz13
TravisEz13 approved these changes Mar 4, 2025
View reviewed changes
Copy link
Member

@TravisEz13 TravisEz13 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reviewed with @SeeminglyScience

@daxian-dbw daxian-dbw merged commit 0e6ffc5 into PowerShell:master Mar 4, 2025
32 checks passed
@daxian-dbw daxian-dbw deleted the asmi-apis branch March 4, 2025 01:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TravisEz13 TravisEz13 TravisEz13 approved these changes

@SeeminglyScience SeeminglyScience Awaiting requested review from SeeminglyScience

Assignees
No one assigned
Labels
CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log
Projects
PowerShell Team Reviews/Investigations
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@daxian-dbw @iSazonov @jborean93 @TravisEz13