ii.20-declarative-security.md

II.20 Declarative security

Many languages that target the CLI use attribute syntax to attach declarative security attributes to items in the metadata. This information is actually converted by the compiler into an XML-based representation that is stored in the metadata, see §II.22.11. By contrast, ilasm requires the conversion information to be represented in its input.

SecurityDecl ::=
.permissionset SecAction = '(' Bytes ')'
| .permission SecAction TypeReference '(' NameValPairs ')'

NameValPairs ::=
NameValPair [ ',' NameValPair ]*

NameValPair ::=
SQSTRING '=' SQSTRING

In .permission, TypeReference specifies the permission class and NameValPairs specifies the settings. See §II.22.11

In .permissionset the bytes specify the encoded version of the security settings:

SecAction ::=	Description
assert	Assert permission so that callers do not need it.
| demand	Demand permission of all callers.
| deny	Deny permission so checks will fail.
| inheritcheck	Demand permission of a derived class.
| linkcheck	Demand permission of caller.
| permitonly	Reduce permissions so check will fail.
| reqopt	Request optional additional permissions.
| reqrefuse	Refuse to be granted these permissions.