* LinkDemand

cas1.cs		LinkDemand on Main (entrypoint) is ignored
cas2.cs		LinkDemand restricted by RequestRefuse -> Unhandled
cas3.cs		Partial execution before (handled) exception
cas6.cs		LinkDemand on constructor (newobj)
cas7.cs		Instance method used via delegate (ldftn)
cas8.cs		Instance virtual method used via delegate (ldvirtftn)
cas9.cs		Static method used via delegate (ldftn)
cas10.cs	Original source code JMP sample (can't be used directly)
cas10.il	Modified source to use JMP - not assembled ATM -
		see source file (cas10.cs) for details

refcas1.cs	Reflection on a method protected by LinkDemand (granted)
refcas2.cs	Reflection on a method protected by LinkDemand (failure).
		GetMethod returns null because of assembly RequestRefuse.
refcas3.cs	Reflection on a method protected by LinkDemand (failure).
		GetMethod returns non-null because the LinkDemand doesn't go 
		up enough the stack.
refcas4.cs	Based on refcas3.cs. Getting the MethodInfo is allowed but
		invoking it later is restricted.
refcas5.cs	Based on refcas5.cs. Test that invokation requires a Demand
		and not a LinkDemand when reflection is used.

noncas1.cs	Non CAS (PrincipalPermission) on class (success)
noncas2.cs	Non CAS (PrincipalPermission) on class (failure)
noncas3.cs	Non CAS (PrincipalPermission) on method (success)
noncas4.cs	Non CAS (PrincipalPermission) on method (failure)

Those are the "common" case for LinkDemand (i.e. using user supplied 
declarative security attributes).


and now the special cases...


* InternalCall

icall1.cs	Define an (existing) private icall and try to execute it.
icall2.cs	Use reflection to execute an private icall.
icall3.cs	Define an (existing) public icall and try to execute it.
icall4.cs	Like icall3.cs but use reflection to execute the public icall.
icall5.cs	Like icall3.cs but RequestRefuse UnmanagedCode permission.
icall6.cs	Like icall4.cs but RequestRefuse UnmanagedCode permission.

- Private icalls cannot be called by re-defining them (exact rule unknown,
  it may be ECMA key related but I'm not 100% sure anymore). Trying to do so
  throws a (catch-able) SecurityException.
- UnmanagedCode permission has _no_ effect on executing icalls.
- Reflection can be used to call internal calls (even when private).


* P/Invoke

pinvoke1.cs	Call native code in a class with [SUCS] attribute
pinvoke2.cs	Call native code in a method with [SUCS] attribute
pinvoke3.cs	Call native code RequestRefuse UnmanagedCode permission 
		which results in an unhandled SecurityException
pinvoke4.cs	Call native code RequestRefuse UnmanagedCode permission
		which results in an SecurityException

A little know fact is that P/Invoke does a LinkDemand (JIT time) and not
only a Demand (runtime). The JIT time check isn't subject to be cancelled
by the [SuppressUnmanagedCodeSecurity] attribute.

- With Mono runtime the native function getuid is called in libc
- With MS runtime the native function GetTickCount is called in kernel32.dll


* [AllowPartiallyTustedCallers] a.k.a. APTC

aptc1.cs	Calling a strongnamed with APTC (corlib) method [1].
aptc2.cs	Calling a strongnamed without APTC (aptclib) method.
aptclib.cs	The strongnamed, but without APTC, test library.

The files aptc1.cs and aptc2.cs are compiled twice. 

The first time the files are compiled without restrictions (e.g. they have
FullTrust by default). The second time SkipVerification is refused at the
asssembly level (i.e. resulting in less than FullTrust). This means that the
security manager (if active) will allow the call to succeed _only if_

	(a) the calling assembly has FullTrust;
	(b) the called assembly has a [AllowPartiallyTustedCallers] attribute

[1] For example an unsigned assembly can calls System.Console.WriteLine only
because mscorlib.dll contains the [AllowPartiallyTustedCallers].
