SecurityManager.checkPackageAccess for qualified exports

Langer, Christoph christoph.langer at
Fri May 12 07:16:26 UTC 2017

Hi all,

while playing with the security manager (using in Java 9 and testing platform modules that we have added specifically in our build, I came across the following thing:

As we are using some stuff from jdk.internal, I get the AccessControlException: "exception access denied ("java.lang.RuntimePermission" "accessClassInPackage.jdk.internal.misc")" in several places, even if my code runs priviledged. I figured that I need to grant permission "permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc"" to my module. I was looking around where this restriction comes from and learned the following in the documentation of SecurityManager.checkPackageAccess:

Implementation Note:
This implementation also restricts all non-exported packages of modules loaded by the platform class loader<> or its ancestors. A "non-exported package" refers to a package that is not exported to all modules. Specifically, it refers to a package that either is not exported at all by its containing module or is exported in a qualified fashion by its containing module.

Reading this, I'm wondering whether the implementation should implicitly grant package access for modules that a package in question was exported to in a qualified fashion? Now one ends up having to additionally add specific permissions which can easily be forgot.

Any comments? Shouldn't that be improved?

Best regards

More information about the jigsaw-dev mailing list