Many class libraries are implemented as fully trusted code that wraps platform specific functionality such as COM or system APIs as managed objects; being fully-trusted this code is absolutely a potential weakness to the security of the entire system and consequently deserves careful design and review. In a very real sense, placing a heavy security burden on a relatively small set of class libraries and the underlying core runtime security allows the larger body of managed code to acquire the security benefits in that managed code only represents a potential security threat in proportion to the level of trust granted to it.
A common class library security scenario is a fully trusted class that exposes a resource that is protected by a permission; the actual resource is accessed by a native code API. Again, the typical example would be a File class that uses Win32 file API to do some file operation such as delete. The following shows the steps taken to protect the resource.