Security Attribute Declaration
ILAsm syntax offers two forms of security attribute declaration: as separate permissions and as permission sets. The owner of the security attribute is the item whose scope contains the security attribute declaration. The syntax for the permission declaration is as follows:
.permission <sec_action> <class_ref> [(<name_value_pairs>)]
where <sec_action> is one of the security action keywords listed in the preceding section, <class_ref> is a class reference to the attribute class associated with the permission class, and optional <name_value_pairs> define the values of the attribute class’s properties, as shown here:
<name_value_pairs> ::= <nv_pair>[,<nv_pair>*] <nv_pair> ::= <prop_name> = <prop_value>
<prop_name> is the property name of the attribute class, specified as a quoted string. The form of <prop_value> depends on the type of property:
<prop_value> ::= true false // For Boolean properties <int32> int32(<int32>) // For integer properties <class_ref> (<int32>) // For enumerated properties, // <class_ref> specifies the enumerator <class_ref>(<int_type> : <int32>) // <int_type>::=int8 // int16 int32 <quoted_string> // For string properties
For example:
.method private void WriteToSystemDrive(string Str2BWritten) { .permission demand [mscorlib]System.Security.Permissions.FileIOPermissionAttribute = ("Write"="C:\\") }
The ILAsm compiler combines separate .permission declarations into permission sets before emitting the DeclSecurity metadata. However, a permission set can be declared explicitly using
.permissionset <sec_action> = ( <hexbytes> )
where <hexbytes> is a byte array representing the PermissionSet blob. This byte array is usually fairly long—a “live” example would take a couple of pages. To see such an example, you can simply disassemble any .NET Framework assembly (Mscorlib.dll or System.dll, for instance) and have a look.
Given that the PermissionSet blob is in fact a Unicode-encoded XML representation of the permission set, use of <hexbytes> in the permission set declaration is another obvious shortcoming of ILAsm, which should be corrected in future releases.
The IL Disassembler always uses the .permissionset directive to reflect the DeclSecurity metadata records.