--- old/src/share/classes/java/lang/reflect/ReflectPermission.java 2013-04-11 15:12:15.000000000 -0700
+++ new/src/share/classes/java/lang/reflect/ReflectPermission.java 2013-04-11 15:12:15.000000000 -0700
@@ -26,12 +26,7 @@
package java.lang.reflect;
/**
- * The Permission class for reflective operations. A
- * ReflectPermission is a named permission and has no
- * actions. The only name currently defined is {@code suppressAccessChecks},
- * which allows suppressing the standard Java language access checks
- * -- for public, default (package) access, protected, and private
- * members -- performed by reflected objects at their point of use.
+ * The Permission class for reflective operations.
*
* The following table
* provides a summary description of what the permission allows,
@@ -47,11 +42,21 @@
*
*
* suppressAccessChecks |
- * ability to access
- * fields and invoke methods in a class. Note that this includes
- * not only public, but protected and private fields and methods as well. |
+ * ability to suppress the standard Java language access checks
+ * on fields and methods in a class; allow access not only public members
+ * but also allow access to default (package) access, protected,
+ * and private members. |
* This is dangerous in that information (possibly confidential) and
- * methods normally unavailable would be accessible to malicious code. |
+ * methods normally unavailable would be accessible to malicious code.
+ *
+ *
+ * newProxyInPackage.{package name} |
+ * ability to create a proxy instance in the specified package of which
+ * the non-public interface that the proxy class implements. |
+ * This gives code access to classes in packages to which it normally
+ * does not have access and the dynamic proxy class is in the system
+ * protection domain. Malicious code may use these classes to
+ * help in its attempt to compromise security in the system. |
*
*
*
@@ -63,6 +68,7 @@
* @see Field#set
* @see Method#invoke
* @see Constructor#newInstance
+ * @see Proxy#newProxyInstance
*
* @since 1.2
*/