Webrev: http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8020801/webrev.00/
The big hammer check disallowing MethodHandles::lookup be called by system classes defined by the bootstrap class loader was added as defense-in-depth to prevent this caller-sensitive method being called from JDK internal classes via Method::invoke. It was intended as a point fix and to be replaced with a long-term approach. Lookup.privateLookupIn() returns a Lookup object and IAE is thrown if the lookup class is almost all java.* and sun.* [1]. We should fix this in JDK 9. This patch replaces this restriction and now allow MethodHandles::lookup to be called statically by any code. But disallow Method::invoke of MethodHandles.lookup from system classes defined by the bootstrap class loader e.g. java.base. It is expected that no reflective call to MethodHandles::lookup is made by the system classes and so this approach would provide a better mechanism as a defense-in-depth. Mandy [1] http://mail.openjdk.java.net/pipermail/jigsaw-dev/2017-April/012267.html
