Policy setting for all-code that grants the Everything permission constitutes a special setting that effectively turns off security. Turning security off means that all permission checks are either skipped completely or succeed. (Use of this special case policy avoids need to a separate on/off state for security policy. Implementation may special-case this policy setting using an internal flag to skip security processing wherever possible.)