Restricted methods

Various methods in the Java SE API allow Java code to interoperate with resources outside the Java runtime in such a way that the runtime cannot prove correct or safe use of the resources. These methods can, when used incorrectly, violate the integrity of the Java Virtual Machine, but are conditionally made available to users, as they provide essential functionality. They are known as restricted methods.

Given the potential danger of restricted methods, the Java runtime issues a warning on the standard error stream every time a restricted method is invoked. Such warnings can be disabled by granting access to restricted methods to selected modules. This can be done either via implementation-specific command line options or programmatically, e.g. by calling ModuleLayer.Controller.enableNativeAccess(java.lang.Module).

When a restricted method is invoked by JNI code, or from an upcall stub and there is no caller class on the stack, it is as if the restricted method call occurred in an unnamed module.

In the reference implementation, access to restricted methods can be granted to specific modules using the command line option --enable-native-access=M1,M2, ... Mn, where M1, M2, ... Mn are module names (for the unnamed module, the special value ALL-UNNAMED can be used). Access to restricted methods from modules not listed by that option is deemed illegal. Clients can control how access to restricted methods is handled, using the command line option --illegal-native-access. If this option is not specified, illegal access to restricted methods will result in runtime warnings.