Executing the following code:
May lead to surprising results. The output is:
It appears that the RemovePermission call didn't actually remove the registry permission. That can't be right can it?
Lets take a step back and look at what's actually going on here. First we create an unrestricted permission set, and write that out to the console. However, notice how FullTrust is represented as a permission set with the unrestricted flag set to true. The CLR uses this representation rather than have the FullTrust set contain all of the permissions in their unrestricted state for several reasons
Because of those factors, we decided to create a special FullTrust flag that would mean FullTrust regardless of the version of the runtime in use, or which special permissions are installed on the machine. Internally, this flag also lets us make certain optimizations inside the CLR when evaluating demands.
So now that we've established that the FullTrust set doesn't actually contain any permissions per say, it becomes more clear why the call to RemovePermission did not do anything. The FullTrust set doesn't actually contain a ReflectionPermission, so when we call RemovePermission asking it to take away the ReflectionPermission there's nothing to do. This can be easily verified by examining the return value from the RemovePermission call:
Running this shows:
Which means that no permission was actually removed. Hopefully this behavior, which at first seems pretty counter-intuitive, makes a little more sense when you look at it from the inside out.