* LinkDemand cas1.cs LinkDemand on Main (entrypoint) is ignored cas2.cs LinkDemand restricted by RequestRefuse -> Unhandled cas3.cs Partial execution before (handled) exception cas6.cs LinkDemand on constructor (newobj) cas7.cs Instance method used via delegate (ldftn) cas8.cs Instance virtual method used via delegate (ldvirtftn) cas9.cs Static method used via delegate (ldftn) cas10.cs Original source code JMP sample (can't be used directly) cas10.il Modified source to use JMP - not assembled ATM - see source file (cas10.cs) for details refcas1.cs Reflection on a method protected by LinkDemand (granted) refcas2.cs Reflection on a method protected by LinkDemand (failure). GetMethod returns null because of assembly RequestRefuse. refcas3.cs Reflection on a method protected by LinkDemand (failure). GetMethod returns non-null because the LinkDemand doesn't go up enough the stack. refcas4.cs Based on refcas3.cs. Getting the MethodInfo is allowed but invoking it later is restricted. refcas5.cs Based on refcas5.cs. Test that invokation requires a Demand and not a LinkDemand when reflection is used. noncas1.cs Non CAS (PrincipalPermission) on class (success) noncas2.cs Non CAS (PrincipalPermission) on class (failure) noncas3.cs Non CAS (PrincipalPermission) on method (success) noncas4.cs Non CAS (PrincipalPermission) on method (failure) Those are the "common" case for LinkDemand (i.e. using user supplied declarative security attributes). and now the special cases... * InternalCall icall1.cs Define an (existing) private icall and try to execute it. icall2.cs Use reflection to execute an private icall. icall3.cs Define an (existing) public icall and try to execute it. icall4.cs Like icall3.cs but use reflection to execute the public icall. icall5.cs Like icall3.cs but RequestRefuse UnmanagedCode permission. icall6.cs Like icall4.cs but RequestRefuse UnmanagedCode permission. - Private icalls cannot be called by re-defining them (exact rule unknown, it may be ECMA key related but I'm not 100% sure anymore). Trying to do so throws a (catch-able) SecurityException. - UnmanagedCode permission has _no_ effect on executing icalls. - Reflection can be used to call internal calls (even when private). * P/Invoke pinvoke1.cs Call native code in a class with [SUCS] attribute pinvoke2.cs Call native code in a method with [SUCS] attribute pinvoke3.cs Call native code RequestRefuse UnmanagedCode permission which results in an unhandled SecurityException pinvoke4.cs Call native code RequestRefuse UnmanagedCode permission which results in an SecurityException A little know fact is that P/Invoke does a LinkDemand (JIT time) and not only a Demand (runtime). The JIT time check isn't subject to be cancelled by the [SuppressUnmanagedCodeSecurity] attribute. - With Mono runtime the native function getuid is called in libc - With MS runtime the native function GetTickCount is called in kernel32.dll * [AllowPartiallyTustedCallers] a.k.a. APTC aptc1.cs Calling a strongnamed with APTC (corlib) method [1]. aptc2.cs Calling a strongnamed without APTC (aptclib) method. aptclib.cs The strongnamed, but without APTC, test library. The files aptc1.cs and aptc2.cs are compiled twice. The first time the files are compiled without restrictions (e.g. they have FullTrust by default). The second time SkipVerification is refused at the asssembly level (i.e. resulting in less than FullTrust). This means that the security manager (if active) will allow the call to succeed _only if_ (a) the calling assembly has FullTrust; (b) the called assembly has a [AllowPartiallyTustedCallers] attribute [1] For example an unsigned assembly can calls System.Console.WriteLine only because mscorlib.dll contains the [AllowPartiallyTustedCallers].