On 5/22/18 3:36 AM, Peter Levart wrote:
In jl.Class:
3911 // returning a different class requires a security check
3912 SecurityManager sm = System.getSecurityManager();
3913 if (sm != null) {
3914 checkPackageAccess(sm,
3915 ClassLoader.getClassLoader(Reflection.getCallerClass()), true);
3916 }
...so here the "different" class is expected to be in the same package
as "this" class. Is this invariant enforced in VM so it need not be
checked here?
This permission check is to prevent leaking out nest host/members that
are not accessible to any caller even it may get a hold of this class in
package p.
Mandy