A variation of hidden use involves changing from one permission to another. The standard File class requires the appropriate FileIOPermission before doing file operations, yet it uses system APIs to actually handle files. This is implemented by the library classes as a combination of the above two methods: first a demand of the resource permission ensures that callers have the needed permissions, then the trusted class code asserts its still higher permission to call system APIs to carry out the operation.
The effect of the demand and assert is to take the underlying high-permission operation (system API use) and constrain it to a specific case (file operations) where a demand for a lesser permission will suffice. Again, the highly trusted code making the “shift” between permissions is vouching for the safety of this security level transition. In return, partially trusted code can be enabled to use a rich subset of functionality without compromising security.