--- old/src/share/classes/java/lang/ClassLoader.java Wed Aug 22 13:19:25 2012
+++ new/src/share/classes/java/lang/ClassLoader.java Wed Aug 22 13:19:24 2012
@@ -1403,7 +1403,7 @@
 SecurityManager sm = System.getSecurityManager();
 if (sm != null) {
 ClassLoader ccl = getCallerClassLoader();
- if (ccl != null && !isAncestor(ccl)) {
+ if (ClassLoader.needsClassLoaderPermissionCheck(ccl, this)) {
 sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
 }
 }
@@ -1473,7 +1473,7 @@
 SecurityManager sm = System.getSecurityManager();
 if (sm != null) {
 ClassLoader ccl = getCallerClassLoader();
- if (ccl != null && ccl != scl && !scl.isAncestor(ccl)) {
+ if (ClassLoader.needsClassLoaderPermissionCheck(ccl, scl)) {
 sm.checkPermission(SecurityConstants.GET_CLASSLOADER_PERMISSION);
 }
 }
@@ -1523,6 +1523,23 @@
 return false;
 }
 
+ // Tests if class loader access requires "getClassLoader" permission
+ // check. A class loader 'from' can access class loader 'to' if
+ // class loader 'from' is same as class loader 'to' or an ancestor
+ // of 'to'. The class loader in a system domain can access
+ // any class loader.
+ static boolean needsClassLoaderPermissionCheck(ClassLoader from,
+ ClassLoader to)
+ {
+ if (from == to)
+ return false;
+
+ if (from == null)
+ return false;
+
+ return !to.isAncestor(from);
+ }
+
 // Returns the invoker's class loader, or null if none.
 // NOTE: This must always be invoked when there is exactly one intervening
 // frame from the core libraries on the stack between this method's
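Review bot: In the first hunk (`@@ -1403`), the new condition `needsClassLoaderPermissionCheck(ccl, this)` is not a pure refactor, because the helper returns false when `from == to` while the old condition `ccl != null && !isAncestor(ccl)` had no same-loader exemption. A caller defined by this very loader therefore appears to skip the `getClassLoader` permission check where it previously hit it, assuming `isAncestor` does not treat a loader as its own ancestor (its body is outside the hunk). If that relaxation is intended, say so at the call site, for example `// a caller defined by this loader may read its parent without permission`, and bring the method's Javadoc in line with the new rule. The second hunk already had `ccl != scl`, so its behaviour is unchanged. The enclosing method starts and ends outside the hunk.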
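Review bot: `needsClassLoaderPermissionCheck` dereferences `to` in `return !to.isAncestor(from);` without stating that `to` must be non-null, so a non-null `from` with a null `to` throws NullPointerException rather than yielding an access decision. The two call sites in this patch pass `this` and `scl`; whether `scl` has already been null-checked is not visible in the second hunk. Because this is a package-private helper that gates a security check, put the precondition in its comment, for example `// 'to' must be non-null; callers must handle the bootstrap loader (null) before calling.`. The comment should also say that a null `from` is what stands for "a system domain", since the `from == null` branch is the only place that rule is implemented and it trusts the value passed in by the caller.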