Add logging SAC state at the start of build

src/Framework/NativeMethods.cs

@@ -54,6 +54,9 @@ internal static class NativeMethods
     private const string WINDOWS_FILE_SYSTEM_REGISTRY_KEY = @"SYSTEM\CurrentControlSet\Control\FileSystem";
     private const string WINDOWS_LONG_PATHS_ENABLED_VALUE_NAME = "LongPathsEnabled";
 
+    private const string WINDOWS_SAC_REGISTRY_KEY = @"SYSTEM\CurrentControlSet\Control\CI\Policy";
+    private const string WINDOWS_SAC_VALUE_NAME = "VerifiedAndReputablePolicyState";
+
     internal static DateTime MinFileDate { get; } = DateTime.FromFileTimeUtc(0);
 
     internal static HandleRef NullHandleRef = new HandleRef(null, IntPtr.Zero);
@@ -661,6 +664,72 @@ private static LongPathsStatus IsLongPathsEnabledRegistry()
         }
     }
 
+    internal static SAC_State GetSACState()
+    {
+        if (IsWindows)
+        {
+            try
+            {
+                return GetSACStateRegistry();
+            }
+            catch
+            {
+                return SAC_State.Missing;
+            }
+        }
+
+        return SAC_State.NotApplicable;
+    }
+
+    [SupportedOSPlatform("windows")]
+    private static SAC_State GetSACStateRegistry()
+    {
+        SAC_State SACState = SAC_State.Missing;
+
+        using (RegistryKey policyKey = Registry.LocalMachine.OpenSubKey(WINDOWS_SAC_REGISTRY_KEY))
+        {
+            object sacValue = policyKey?.GetValue(WINDOWS_SAC_VALUE_NAME, 0);
+            if (policyKey != null)
+            {
+                SACState = Convert.ToInt32(sacValue) switch
+                {
+                    0 => SAC_State.Off,
+                    1 => SAC_State.Enforcement,
+                    2 => SAC_State.Evaluation,
+                    _ => SAC_State.Missing,
+                };
+            }
+        }
+        return SACState;
+    }
+
+    /// <summary>
+    /// State of Smart App Control (SAC) on the system.
+    /// </summary>
+    internal enum SAC_State
+    {
+        /// <summary>
+        /// 0: SAC is off.
+        /// </summary>
+        Off,
+        /// <summary>
+        /// 1: SAC is on and enforcing.
+        /// </summary>
+        Enforcement,
+        /// <summary>
+        /// 2: SAC is on and in evaluation mode.
+        /// </summary>
+        Evaluation,
+        /// <summary>
+        /// The registry key is missing.
+        /// </summary>
+        Missing,
+        /// <summary>
+        /// Not on Windows.
+        /// </summary>
+        NotApplicable 
+    }
+
     /// <summary>
     /// Cached value for IsUnixLike (this method is called frequently during evaluation).
     /// </summary>

src/MSBuild.UnitTests/XMake_Tests.cs

@@ -1169,6 +1169,11 @@ public void MSBuildEngineLogger()
                 logFileContents.ShouldContain("Current directory = ");
                 logFileContents.ShouldContain("MSBuild version = ");
                 logFileContents.ShouldContain("[Hello]");
+
+                if (NativeMethodsShared.IsWindows)
+                {
+                    logFileContents.ShouldContain("Based on the Windows registry key VerifiedAndReputablePolicyState, SAC state = ");
+                }
             }
             finally
             {

src/MSBuild/Resources/Strings.resx

@@ -1783,6 +1783,19 @@
   <data name="LongPaths_Missing" xml:space="preserve">
     <value>not set</value>
   </data>
+  <data name="SAC" xml:space="preserve">
+    <value>Based on the Windows registry key VerifiedAndReputablePolicyState, SAC state = {0}.</value>
+    <comment>"Windows" is the OS, SAC is the Smart App Control, "VerifiedAndReputablePolicyState" should not be localized</comment>
+  </data>
+  <data name="SAC_Evaluation" xml:space="preserve">
+    <value>2: in evaluation</value>
+  </data>
+  <data name="SAC_Enforcement" xml:space="preserve">
+    <value>1: in enforcement</value>
+  </data>
+  <data name="SAC_Off" xml:space="preserve">
+    <value>0: turned off</value>
+  </data>
   <!-- **** TerminalLogger strings end **** -->
     <!--
         The command line message bucket is: MSB1001 - MSB1999