[11u]: Backport of RFR 8211122: Reduce the number of internal classes made accessible to jdk.unsupported (and JDK-8205537 and JDK-8211121)

[Alan Bateman]

On 24/06/2019 15:23, Langer, Christoph wrote:
> :
> The original issues didn't have CSRs attached but it really feels CSRish. Let me know whether I shall create CSRs as you're still sorting out the process.
The sun.applet package was JDK internal so no CSR required to change or 
remove anything in that package. That said, we've historically been 
cautious about changing internal classes too much in update releases, 
mostly because it was never clear what/who might be using them directly. 
It's a bit easier since we moved the platform to modules but we aren't 
yet at the point where the standard and JDK modules are fully 
encapsulated at run-time.

As part of JEP 260 we put sun.reflect.ReflectionFactory into the 
"Critical internal API" bucket (with sun.misc.Unsafe and a few others) 
as it provides functionality that custom serialization libraries have 
been using. I think the CORBA bridge was the main user of 
newConstructorForSerialization. We neglected to remove the method in JDK 
11 when removing java.corba module. It was removed in JDK 12 and that 
change should probably should have had a CSR (we wouldn't remove 
anything from sun.misc.Signal or sun.misc.Unsafe without a CSR). I'm not 
involved in JDK updates but I don't think it's a good idea to attempt to 
remove this in an update release.

-Alan