Demanding a Custom Permission
To cause the runtime to perform security checks on code that attempts to access the resource protected by your custom code access permission, you must place security demands for the custom code access permission in your code. Security demands can be imperative or declarative; both cause the runtime to walk the call stack to see that all callers in the stack have the permission that is being demanded.
If your code simply calls a secure system library that exposes a protected resource, you do not need to demand a permission just because the library exposes the resource protected by that permission. It is the library's responsibility to demand that your code and all its callers have the necessary permission. However, if your code calls a system library and asserts a permission that is demanded by the library (effectively causing a security check for that permission to succeed), then it must either demand that permission of its callers or otherwise ensure that security is not compromised.
For more information about when to make security demands, see Security Demands.