8331671: Implement JEP 472: Prepare to Restrict the Use of JNI

Reviewed-by: jpai, prr, ihse, kcr, alanb
2025-08-27 06:45:07 +02:00 · 2024-08-26 09:17:45 +00:00 · 2024-08-26 09:17:45 +00:00 · 20d8f58c92
commit 20d8f58c92
parent ce83f6af64
107 changed files with 551 additions and 182 deletions
--- a/make/conf/module-loader-map.conf
+++ b/make/conf/module-loader-map.conf
@ -94,48 +94,26 @@ PLATFORM_MODULES_windows= \
 NATIVE_ACCESS_MODULES= \
    java.base \
    java.datatransfer \
    java.desktop \
    java.instrument \
    java.logging \
    java.management \
    java.management.rmi \
    java.naming \
    java.net.http \
    java.prefs \
    java.rmi \
    java.scripting \
    java.se \
    java.security.jgss \
    java.security.sasl \
    java.smartcardio \
    java.sql \
    java.sql.rowset \
    java.transaction.xa \
    java.xml \
    java.xml.crypto \
    jdk.accessibility \
-    jdk.charsets \
+    jdk.attach \
    jdk.crypto.cryptoki \
-    jdk.dynalink \
+    jdk.crypto.mscapi \
-    jdk.httpserver \
+    jdk.hotspot.agent \
    jdk.incubator.vector \
    jdk.internal.le \
    jdk.internal.vm.ci \
    jdk.jdi \
    jdk.jfr \
-    jdk.jsobject \
+    jdk.jpackage \
    jdk.localedata \
    jdk.management \
    jdk.management.agent \
    jdk.management.jfr \
    jdk.naming.dns \
    jdk.naming.rmi \
    jdk.net \
    jdk.nio.mapmode \
    jdk.sctp \
    jdk.security.auth \
    jdk.security.jgss \
    jdk.unsupported \
    jdk.xml.dom \
    jdk.zipfs \
    #
--- a/make/test/BuildTestLib.gmk
+++ b/make/test/BuildTestLib.gmk
@ -64,7 +64,7 @@ $(eval $(call SetupJavaCompilation, BUILD_TEST_LIB_JAR, \
    BIN := $(TEST_LIB_SUPPORT)/test-lib_classes, \
    HEADERS := $(TEST_LIB_SUPPORT)/test-lib_headers, \
    JAR := $(TEST_LIB_SUPPORT)/test-lib.jar, \
-    DISABLED_WARNINGS := try deprecation rawtypes unchecked serial cast removal preview dangling-doc-comments, \
+    DISABLED_WARNINGS := try deprecation rawtypes unchecked serial cast removal preview restricted dangling-doc-comments, \
    JAVAC_FLAGS := --add-exports java.base/sun.security.util=ALL-UNNAMED \
        --add-exports java.base/jdk.internal.classfile=ALL-UNNAMED \
        --add-exports java.base/jdk.internal.classfile.attribute=ALL-UNNAMED \
--- a/src/hotspot/share/classfile/vmClassMacros.hpp
+++ b/src/hotspot/share/classfile/vmClassMacros.hpp
@ -77,6 +77,7 @@
  do_klass(StackOverflowError_klass,                    java_lang_StackOverflowError                          ) \
  do_klass(IllegalMonitorStateException_klass,          java_lang_IllegalMonitorStateException                ) \
  do_klass(Reference_klass,                             java_lang_ref_Reference                               ) \
  do_klass(IllegalCallerException_klass,                java_lang_IllegalCallerException                      ) \
                                                                                                                \
  /* ref klasses and set reference types */                                                                     \
  do_klass(SoftReference_klass,                         java_lang_ref_SoftReference                           ) \
--- a/src/hotspot/share/classfile/vmSymbols.hpp
+++ b/src/hotspot/share/classfile/vmSymbols.hpp
@ -203,6 +203,7 @@ class SerializeClosure;
  template(java_lang_CloneNotSupportedException,      "java/lang/CloneNotSupportedException")     \
  template(java_lang_IllegalAccessException,          "java/lang/IllegalAccessException")         \
  template(java_lang_IllegalArgumentException,        "java/lang/IllegalArgumentException")       \
  template(java_lang_IllegalCallerException,          "java/lang/IllegalCallerException")         \
  template(java_lang_IllegalStateException,           "java/lang/IllegalStateException")          \
  template(java_lang_IllegalMonitorStateException,    "java/lang/IllegalMonitorStateException")   \
  template(java_lang_IllegalThreadStateException,     "java/lang/IllegalThreadStateException")    \
@ -588,7 +589,7 @@ class SerializeClosure;
  template(string_boolean_class_signature,            "(Ljava/lang/String;Z)Ljava/lang/Class;")                   \
  template(object_object_object_signature,            "(Ljava/lang/Object;Ljava/lang/Object;)Ljava/lang/Object;") \
  template(string_string_signature,                   "(Ljava/lang/String;)Ljava/lang/String;")                   \
-  template(classloader_string_long_signature,         "(Ljava/lang/ClassLoader;Ljava/lang/String;)J")             \
+  template(classloader_class_string_string_long_signature,         "(Ljava/lang/ClassLoader;Ljava/lang/Class;Ljava/lang/String;Ljava/lang/String;)J")             \
  template(byte_array_void_signature,                 "([B)V")                                                    \
  template(long_long_void_signature,                  "(JJ)V")                                                    \
  template(void_byte_array_signature,                 "()[B")                                                     \
--- a/src/hotspot/share/prims/nativeLookup.cpp
+++ b/src/hotspot/share/prims/nativeLookup.cpp
@ -273,16 +273,22 @@ address NativeLookup::lookup_style(const methodHandle& method, char* pure_name,
  // Otherwise call static method findNative in ClassLoader
  Klass*   klass = vmClasses::ClassLoader_klass();
-  Handle name_arg = java_lang_String::create_from_str(jni_name, CHECK_NULL);
+  Handle jni_class(THREAD, method->method_holder()->java_mirror());
  Handle jni_name_arg = java_lang_String::create_from_str(jni_name, CHECK_NULL);
  Handle java_name_arg = java_lang_String::create_from_str(method->name()->as_C_string(), CHECK_NULL);
  JavaCallArguments args;
  args.push_oop(loader);
  args.push_oop(jni_class);
  args.push_oop(jni_name_arg);
  args.push_oop(java_name_arg);
  JavaValue result(T_LONG);
  JavaCalls::call_static(&result,
                         klass,
                         vmSymbols::findNative_name(),
-                         vmSymbols::classloader_string_long_signature(),
+                         vmSymbols::classloader_class_string_string_long_signature(),
-                         // Arguments
+                         &args,
                         loader,
                         name_arg,
                         CHECK_NULL);
  entry = (address) (intptr_t) result.get_jlong();
@ -409,6 +415,14 @@ address NativeLookup::lookup_base(const methodHandle& method, TRAPS) {
  entry = lookup_entry_prefixed(method, CHECK_NULL);
  if (entry != nullptr) return entry;
  if (THREAD->has_pending_exception()) {
    oop exception = THREAD->pending_exception();
    if (exception->is_a(vmClasses::IllegalCallerException_klass())) {
      // we already have a pending exception from the restricted method check, just return
      return nullptr;
    }
  }
  // Native function not found, throw UnsatisfiedLinkError
  stringStream ss;
  ss.print("'");
--- a/src/hotspot/share/runtime/arguments.cpp
+++ b/src/hotspot/share/runtime/arguments.cpp
@ -305,6 +305,8 @@ bool needs_module_property_warning = false;
 #define UPGRADE_PATH_LEN 12
 #define ENABLE_NATIVE_ACCESS "enable.native.access"
 #define ENABLE_NATIVE_ACCESS_LEN 20
 #define ILLEGAL_NATIVE_ACCESS "illegal.native.access"
 #define ILLEGAL_NATIVE_ACCESS_LEN 21
 // Return TRUE if option matches 'property', or 'property=', or 'property.'.
 static bool matches_property_suffix(const char* option, const char* property, size_t len) {
@ -326,6 +328,7 @@ bool Arguments::is_internal_module_property(const char* property) {
        matches_property_suffix(property_suffix, LIMITMODS, LIMITMODS_LEN) ||
        matches_property_suffix(property_suffix, PATH, PATH_LEN) ||
        matches_property_suffix(property_suffix, UPGRADE_PATH, UPGRADE_PATH_LEN) ||
        matches_property_suffix(property_suffix, ILLEGAL_NATIVE_ACCESS, ILLEGAL_NATIVE_ACCESS_LEN) ||
        matches_property_suffix(property_suffix, ENABLE_NATIVE_ACCESS, ENABLE_NATIVE_ACCESS_LEN)) {
      return true;
    }
@ -2243,6 +2246,10 @@ jint Arguments::parse_each_vm_init_arg(const JavaVMInitArgs* args, bool* patch_m
      if (!create_numbered_module_property("jdk.module.enable.native.access", tail, enable_native_access_count++)) {
        return JNI_ENOMEM;
      }
    } else if (match_option(option, "--illegal-native-access=", &tail)) {
      if (!create_module_property("jdk.module.illegal.native.access", tail, InternalProperty)) {
        return JNI_ENOMEM;
      }
    } else if (match_option(option, "--limit-modules=", &tail)) {
      if (!create_module_property("jdk.module.limitmods", tail, InternalProperty)) {
        return JNI_ENOMEM;
--- a/src/java.base/share/classes/java/lang/ClassLoader.java
+++ b/src/java.base/share/classes/java/lang/ClassLoader.java
@ -2442,10 +2442,27 @@ public abstract class ClassLoader {
                " in java.library.path: " + StaticProperty.javaLibraryPath());
    }
-    /*
+    /**
     * Invoked in the VM class linking code.
     * @param loader the class loader used to look up the native library symbol
     * @param clazz the class in which the native method is declared
     * @param entryName the native method's mangled name (this is the name used for the native lookup)
     * @param javaName the native method's declared name
     */
-    static long findNative(ClassLoader loader, String entryName) {
+    static long findNative(ClassLoader loader, Class<?> clazz, String entryName, String javaName) {
        long addr = findNativeInternal(loader, entryName);
        if (addr != 0 && loader != null) {
            Reflection.ensureNativeAccess(clazz, clazz, javaName, true);
        }
        return addr;
    }
    /*
     * This is also called by SymbolLookup::loaderLookup. In that case, we need
     * to avoid a restricted check, as that check has already been performed when
     * obtaining the lookup.
     */
    static long findNativeInternal(ClassLoader loader, String entryName) {
        if (loader == null) {
            return BootLoader.getNativeLibraries().find(entryName);
        } else {
--- a/src/java.base/share/classes/java/lang/Module.java
+++ b/src/java.base/share/classes/java/lang/Module.java
@ -62,7 +62,9 @@ import jdk.internal.loader.BootLoader;
 import jdk.internal.loader.ClassLoaders;
 import jdk.internal.misc.CDS;
 import jdk.internal.misc.Unsafe;
 import jdk.internal.misc.VM;
 import jdk.internal.module.ModuleBootstrap;
 import jdk.internal.module.ModuleBootstrap.IllegalNativeAccess;
 import jdk.internal.module.ModuleLoaderMap;
 import jdk.internal.module.ServicesCatalog;
 import jdk.internal.module.Resources;
@ -300,26 +302,43 @@ public final class Module implements AnnotatedElement {
    }
    // This is invoked from Reflection.ensureNativeAccess
-    void ensureNativeAccess(Class<?> owner, String methodName, Class<?> currentClass) {
+    void ensureNativeAccess(Class<?> owner, String methodName, Class<?> currentClass, boolean jni) {
        // The target module whose enableNativeAccess flag is ensured
        Module target = moduleForNativeAccess();
-        if (!EnableNativeAccess.isNativeAccessEnabled(target)) {
+        ModuleBootstrap.IllegalNativeAccess illegalNativeAccess = ModuleBootstrap.illegalNativeAccess();
-            if (ModuleBootstrap.hasEnableNativeAccessFlag()) {
+        if (illegalNativeAccess != ModuleBootstrap.IllegalNativeAccess.ALLOW &&
-                throw new IllegalCallerException("Illegal native access from: " + this);
+                !EnableNativeAccess.isNativeAccessEnabled(target)) {
            String mod = isNamed() ? "module " + getName() : "an unnamed module";
            if (currentClass != null) {
                // try to extract location of the current class (e.g. jar or folder)
                URL url = System.codeSource(currentClass);
                if (url != null) {
                    mod += " (" + url + ")";
                }
            }
-            if (EnableNativeAccess.trySetEnableNativeAccess(target)) {
+            if (illegalNativeAccess == ModuleBootstrap.IllegalNativeAccess.DENY) {
                throw new IllegalCallerException("Illegal native access from " + mod);
            } else if (EnableNativeAccess.trySetEnableNativeAccess(target)) {
                // warn and set flag, so that only one warning is reported per module
                String cls = owner.getName();
                String mtd = cls + "::" + methodName;
                String mod = isNamed() ? "module " + getName() : "an unnamed module";
                String modflag = isNamed() ? getName() : "ALL-UNNAMED";
                String caller = currentClass != null ? currentClass.getName() : "code";
-                System.err.printf("""
+                if (jni) {
-                        WARNING: A restricted method in %s has been called
+                    VM.initialErr().printf("""
-                        WARNING: %s has been called by %s in %s
+                            WARNING: A native method in %s has been bound
-                        WARNING: Use --enable-native-access=%s to avoid a warning for callers in this module
+                            WARNING: %s is declared in %s
-                        WARNING: Restricted methods will be blocked in a future release unless native access is enabled
+                            WARNING: Use --enable-native-access=%s to avoid a warning for native methods declared in this module
-                        %n""", cls, mtd, caller, mod, modflag);
+                            WARNING: Restricted methods will be blocked in a future release unless native access is enabled
                            %n""", cls, mtd, mod, modflag);
                } else {
                    VM.initialErr().printf("""
                            WARNING: A restricted method in %s has been called
                            WARNING: %s has been called by %s in %s
                            WARNING: Use --enable-native-access=%s to avoid a warning for callers in this module
                            WARNING: Restricted methods will be blocked in a future release unless native access is enabled
                            %n""", cls, mtd, caller, mod, modflag);
                }
            }
        }
    }
--- a/src/java.base/share/classes/java/lang/ModuleLayer.java
+++ b/src/java.base/share/classes/java/lang/ModuleLayer.java
@ -323,7 +323,7 @@ public final class ModuleLayer {
        public Controller enableNativeAccess(Module target) {
            ensureInLayer(target);
            Reflection.ensureNativeAccess(Reflection.getCallerClass(), Module.class,
-                "enableNativeAccess");
+                "enableNativeAccess", false);
            target.implAddEnableNativeAccess();
            return this;
        }
--- a/src/java.base/share/classes/java/lang/Runtime.java
+++ b/src/java.base/share/classes/java/lang/Runtime.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1995, 2022, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
 * Copyright (c) 2019, Azul Systems, Inc. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
@ -36,6 +36,7 @@ import java.util.Optional;
 import java.util.StringTokenizer;
 import jdk.internal.access.SharedSecrets;
 import jdk.internal.javac.Restricted;
 import jdk.internal.reflect.CallerSensitive;
 import jdk.internal.reflect.Reflection;
@ -828,14 +829,19 @@ public class Runtime {
     *             a native library image by the host system.
     * @throws     NullPointerException if {@code filename} is
     *             {@code null}
     * @throws     IllegalCallerException if the caller is in a module that
     *             does not have native access enabled.
     * @spec jni/index.html Java Native Interface Specification
     * @see        java.lang.Runtime#getRuntime()
     * @see        java.lang.SecurityException
     * @see        java.lang.SecurityManager#checkLink(java.lang.String)
     */
    @CallerSensitive
    @Restricted
    public void load(String filename) {
-        load0(Reflection.getCallerClass(), filename);
+        Class<?> caller = Reflection.getCallerClass();
        Reflection.ensureNativeAccess(caller, Runtime.class, "load", false);
        load0(caller, filename);
    }
    void load0(Class<?> fromClass, String filename) {
@ -894,13 +900,18 @@ public class Runtime {
     *             native library image by the host system.
     * @throws     NullPointerException if {@code libname} is
     *             {@code null}
     * @throws     IllegalCallerException if the caller is in a module that
     *             does not have native access enabled.
     * @spec jni/index.html Java Native Interface Specification
     * @see        java.lang.SecurityException
     * @see        java.lang.SecurityManager#checkLink(java.lang.String)
     */
    @CallerSensitive
    @Restricted
    public void loadLibrary(String libname) {
-        loadLibrary0(Reflection.getCallerClass(), libname);
+        Class<?> caller = Reflection.getCallerClass();
        Reflection.ensureNativeAccess(caller, Runtime.class, "loadLibrary", false);
        loadLibrary0(caller, libname);
    }
    void loadLibrary0(Class<?> fromClass, String libname) {
--- a/src/java.base/share/classes/java/lang/System.java
+++ b/src/java.base/share/classes/java/lang/System.java
@ -69,6 +69,7 @@ import java.util.function.Supplier;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.stream.Stream;
 import jdk.internal.javac.Restricted;
 import jdk.internal.logger.LoggerFinderLoader.TemporaryLoggerFinder;
 import jdk.internal.misc.Blocker;
 import jdk.internal.misc.CarrierThreadLocal;
@ -355,7 +356,7 @@ public final class System {
            = Collections.synchronizedMap(new WeakHashMap<>());
    }
-    private static URL codeSource(Class<?> clazz) {
+    static URL codeSource(Class<?> clazz) {
        PrivilegedAction<ProtectionDomain> pa = clazz::getProtectionDomain;
        @SuppressWarnings("removal")
        CodeSource cs = AccessController.doPrivileged(pa).getCodeSource();
@ -2017,14 +2018,19 @@ public final class System {
     *             linked with the VM, or the library cannot be mapped to
     *             a native library image by the host system.
     * @throws     NullPointerException if {@code filename} is {@code null}
     * @throws     IllegalCallerException if the caller is in a module that
     *             does not have native access enabled.
     *
     * @spec jni/index.html Java Native Interface Specification
     * @see        java.lang.Runtime#load(java.lang.String)
     * @see        java.lang.SecurityManager#checkLink(java.lang.String)
     */
    @CallerSensitive
    @Restricted
    public static void load(String filename) {
-        Runtime.getRuntime().load0(Reflection.getCallerClass(), filename);
+        Class<?> caller = Reflection.getCallerClass();
        Reflection.ensureNativeAccess(caller, System.class, "load", false);
        Runtime.getRuntime().load0(caller, filename);
    }
    /**
@ -2055,14 +2061,19 @@ public final class System {
     *             linked with the VM,  or the library cannot be mapped to a
     *             native library image by the host system.
     * @throws     NullPointerException if {@code libname} is {@code null}
     * @throws     IllegalCallerException if the caller is in a module that
     *             does not have native access enabled.
     *
     * @spec jni/index.html Java Native Interface Specification
     * @see        java.lang.Runtime#loadLibrary(java.lang.String)
     * @see        java.lang.SecurityManager#checkLink(java.lang.String)
     */
    @CallerSensitive
    @Restricted
    public static void loadLibrary(String libname) {
-        Runtime.getRuntime().loadLibrary0(Reflection.getCallerClass(), libname);
+        Class<?> caller = Reflection.getCallerClass();
        Reflection.ensureNativeAccess(caller, System.class, "loadLibrary", false);
        Runtime.getRuntime().loadLibrary0(caller, libname);
    }
    /**
@ -2539,8 +2550,8 @@ public final class System {
            public void addEnableNativeAccessToAllUnnamed() {
                Module.implAddEnableNativeAccessToAllUnnamed();
            }
-            public void ensureNativeAccess(Module m, Class<?> owner, String methodName, Class<?> currentClass) {
+            public void ensureNativeAccess(Module m, Class<?> owner, String methodName, Class<?> currentClass, boolean jni) {
-                m.ensureNativeAccess(owner, methodName, currentClass);
+                m.ensureNativeAccess(owner, methodName, currentClass, jni);
            }
            public ServicesCatalog getServicesCatalog(ModuleLayer layer) {
                return layer.getServicesCatalog();
@ -2645,7 +2656,7 @@ public final class System {
            @Override
            public long findNative(ClassLoader loader, String entry) {
-                return ClassLoader.findNative(loader, entry);
+                return ClassLoader.findNativeInternal(loader, entry);
            }
            @Override
--- a/src/java.base/share/classes/java/lang/foreign/AddressLayout.java
+++ b/src/java.base/share/classes/java/lang/foreign/AddressLayout.java
@ -108,7 +108,7 @@ public sealed interface AddressLayout extends ValueLayout permits ValueLayouts.O
     * @param layout the target layout
     * @return an address layout with same characteristics as this layout, but with the
     *          provided target layout
-     * @throws IllegalCallerException If the caller is in a module that does not have
+     * @throws IllegalCallerException if the caller is in a module that does not have
     *         native access enabled
     * @see #targetLayout()
     */
--- a/src/java.base/share/classes/java/lang/foreign/Linker.java
+++ b/src/java.base/share/classes/java/lang/foreign/Linker.java
@ -613,7 +613,7 @@ public sealed interface Linker permits AbstractLinker {
     *         {@code address.equals(MemorySegment.NULL)}
     * @throws IllegalArgumentException if an invalid combination of linker options
     *         is given
-     * @throws IllegalCallerException If the caller is in a module that does not have
+     * @throws IllegalCallerException if the caller is in a module that does not have
     *         native access enabled
     *
     * @see SymbolLookup
@ -684,7 +684,7 @@ public sealed interface Linker permits AbstractLinker {
     *         supported by this linker
     * @throws IllegalArgumentException if an invalid combination of linker options
     *         is given
-     * @throws IllegalCallerException If the caller is in a module that does not have
+     * @throws IllegalCallerException if the caller is in a module that does not have
     *         native access enabled
     */
    @CallerSensitive
@ -733,7 +733,7 @@ public sealed interface Linker permits AbstractLinker {
     * @throws IllegalStateException if {@code arena.scope().isAlive() == false}
     * @throws WrongThreadException if {@code arena} is a confined arena, and this method
     *         is called from a thread {@code T}, other than the arena's owner thread
-     * @throws IllegalCallerException If the caller is in a module that does not have
+     * @throws IllegalCallerException if the caller is in a module that does not have
     *         native access enabled
     */
    @CallerSensitive
--- a/src/java.base/share/classes/java/lang/foreign/SymbolLookup.java
+++ b/src/java.base/share/classes/java/lang/foreign/SymbolLookup.java
@ -285,14 +285,14 @@ public interface SymbolLookup {
     * @throws WrongThreadException if {@code arena} is a confined arena, and this method
     *         is called from a thread {@code T}, other than the arena's owner thread
     * @throws IllegalArgumentException if {@code name} does not identify a valid library
-     * @throws IllegalCallerException If the caller is in a module that does not have
+     * @throws IllegalCallerException if the caller is in a module that does not have
     *         native access enabled
     */
    @CallerSensitive
    @Restricted
    static SymbolLookup libraryLookup(String name, Arena arena) {
        Reflection.ensureNativeAccess(Reflection.getCallerClass(),
-                SymbolLookup.class, "libraryLookup");
+                SymbolLookup.class, "libraryLookup", false);
        if (Utils.containsNullChars(name)) {
            throw new IllegalArgumentException("Cannot open library: " + name);
        }
@ -319,14 +319,14 @@ public interface SymbolLookup {
     *         is called from a thread {@code T}, other than the arena's owner thread
     * @throws IllegalArgumentException if {@code path} does not point to a valid library
     *         in the default file system
-     * @throws IllegalCallerException If the caller is in a module that does not have
+     * @throws IllegalCallerException if the caller is in a module that does not have
     *         native access enabled
     */
    @CallerSensitive
    @Restricted
    static SymbolLookup libraryLookup(Path path, Arena arena) {
        Reflection.ensureNativeAccess(Reflection.getCallerClass(),
-                SymbolLookup.class, "libraryLookup");
+                SymbolLookup.class, "libraryLookup", false);
        if (path.getFileSystem() != FileSystems.getDefault()) {
            throw new IllegalArgumentException("Path not in default file system: " + path);
        }
--- a/src/java.base/share/classes/java/lang/foreign/package-info.java
+++ b/src/java.base/share/classes/java/lang/foreign/package-info.java
@ -165,10 +165,11 @@
 * In the reference implementation, access to restricted methods can be granted to
 * specific modules using the command line option {@code --enable-native-access=M1,M2, ... Mn},
 * where {@code M1}, {@code M2}, {@code ... Mn} are module names (for the unnamed module,
- * the special value {@code ALL-UNNAMED} can be used). If this option is specified,
+ * the special value {@code ALL-UNNAMED} can be used). Access to restricted methods
- * access to restricted methods are only granted to the modules listed by that option.
+ * from modules not listed by that option is deemed <em>illegal</em>. Clients can
- * If this option is not specified, access to restricted methods is enabled for all
+ * control how access to restricted methods is handled, using the command line
- * modules, but access to restricted methods will result in runtime warnings.
+ * option {@code --illegal-native-access}. If this option is not specified,
 * illegal access to restricted methods will result in runtime warnings.
 *
 * @spec jni/index.html Java Native Interface Specification
 *
--- a/src/java.base/share/classes/jdk/internal/access/JavaLangAccess.java
+++ b/src/java.base/share/classes/jdk/internal/access/JavaLangAccess.java
@ -281,10 +281,14 @@ public interface JavaLangAccess {
    void addEnableNativeAccessToAllUnnamed();
    /**
-     * Ensure that the given module has native access. If not, warn or
+     * Ensure that the given module has native access. If not, warn or throw exception depending on the configuration.
-     * throw exception depending on the configuration.
+     * @param m the module in which native access occurred
     * @param owner the owner of the restricted method being called (or the JNI method being bound)
     * @param methodName the name of the restricted method being called (or the JNI method being bound)
     * @param currentClass the class calling the restricted method (for JNI, this is the same as {@code owner})
     * @param jni {@code true}, if this event is related to a JNI method being bound
     */
-    void ensureNativeAccess(Module m, Class<?> owner, String methodName, Class<?> currentClass);
+    void ensureNativeAccess(Module m, Class<?> owner, String methodName, Class<?> currentClass, boolean jni);
    /**
     * Returns the ServicesCatalog for the given Layer.
--- a/src/java.base/share/classes/jdk/internal/foreign/AbstractMemorySegmentImpl.java
+++ b/src/java.base/share/classes/jdk/internal/foreign/AbstractMemorySegmentImpl.java
@ -152,7 +152,7 @@ public abstract sealed class AbstractMemorySegmentImpl
    }
    public MemorySegment reinterpretInternal(Class<?> callerClass, long newSize, Scope scope, Consumer<MemorySegment> cleanup) {
-        Reflection.ensureNativeAccess(callerClass, MemorySegment.class, "reinterpret");
+        Reflection.ensureNativeAccess(callerClass, MemorySegment.class, "reinterpret", false);
        Utils.checkNonNegativeArgument(newSize, "newSize");
        if (!isNative()) throw new UnsupportedOperationException("Not a native segment");
        Runnable action = cleanup != null ?
--- a/src/java.base/share/classes/jdk/internal/foreign/abi/AbstractLinker.java
+++ b/src/java.base/share/classes/jdk/internal/foreign/abi/AbstractLinker.java
@ -80,7 +80,7 @@ public abstract sealed class AbstractLinker implements Linker permits LinuxAArch
    @Override
    @CallerSensitive
    public final MethodHandle downcallHandle(MemorySegment symbol, FunctionDescriptor function, Option... options) {
-        Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "downcallHandle");
+        Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "downcallHandle", false);
        SharedUtils.checkSymbol(symbol);
        return downcallHandle0(function, options).bindTo(symbol);
    }
@ -88,7 +88,7 @@ public abstract sealed class AbstractLinker implements Linker permits LinuxAArch
    @Override
    @CallerSensitive
    public final MethodHandle downcallHandle(FunctionDescriptor function, Option... options) {
-        Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "downcallHandle");
+        Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "downcallHandle", false);
        return downcallHandle0(function, options);
    }
@ -115,7 +115,7 @@ public abstract sealed class AbstractLinker implements Linker permits LinuxAArch
    @Override
    @CallerSensitive
    public final MemorySegment upcallStub(MethodHandle target, FunctionDescriptor function, Arena arena, Linker.Option... options) {
-        Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "upcallStub");
+        Reflection.ensureNativeAccess(Reflection.getCallerClass(), Linker.class, "upcallStub", false);
        Objects.requireNonNull(arena);
        Objects.requireNonNull(target);
        Objects.requireNonNull(function);
--- a/src/java.base/share/classes/jdk/internal/foreign/abi/fallback/LibFallback.java
+++ b/src/java.base/share/classes/jdk/internal/foreign/abi/fallback/LibFallback.java
@ -36,7 +36,7 @@ final class LibFallback {
    static final boolean SUPPORTED = tryLoadLibrary();
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static boolean tryLoadLibrary() {
        return java.security.AccessController.doPrivileged(
                new java.security.PrivilegedAction<>() {
--- a/src/java.base/share/classes/jdk/internal/foreign/layout/ValueLayouts.java
+++ b/src/java.base/share/classes/jdk/internal/foreign/layout/ValueLayouts.java
@ -332,7 +332,7 @@ public final class ValueLayouts {
        @Override
        @CallerSensitive
        public AddressLayout withTargetLayout(MemoryLayout layout) {
-            Reflection.ensureNativeAccess(Reflection.getCallerClass(), AddressLayout.class, "withTargetLayout");
+            Reflection.ensureNativeAccess(Reflection.getCallerClass(), AddressLayout.class, "withTargetLayout", false);
            Objects.requireNonNull(layout);
            return new OfAddressImpl(order(), byteSize(), byteAlignment(), layout, name());
        }
--- a/src/java.base/share/classes/jdk/internal/jimage/NativeImageBuffer.java
+++ b/src/java.base/share/classes/jdk/internal/jimage/NativeImageBuffer.java
@ -38,6 +38,7 @@ class NativeImageBuffer {
    static {
        java.security.AccessController.doPrivileged(
                new java.security.PrivilegedAction<Void>() {
                    @SuppressWarnings("restricted")
                    public Void run() {
                        System.loadLibrary("jimage");
                        return null;
--- a/src/java.base/share/classes/jdk/internal/module/ModuleBootstrap.java
+++ b/src/java.base/share/classes/jdk/internal/module/ModuleBootstrap.java
@ -787,17 +787,23 @@ public final class ModuleBootstrap {
        }
    }
    private static final boolean HAS_ENABLE_NATIVE_ACCESS_FLAG;
    private static final Set<String> USER_NATIVE_ACCESS_MODULES;
    private static final Set<String> JDK_NATIVE_ACCESS_MODULES;
    private static final IllegalNativeAccess ILLEGAL_NATIVE_ACCESS;
-    public static boolean hasEnableNativeAccessFlag() {
+    public enum IllegalNativeAccess {
-        return HAS_ENABLE_NATIVE_ACCESS_FLAG;
+        ALLOW,
        WARN,
        DENY
    }
    public static IllegalNativeAccess illegalNativeAccess() {
        return ILLEGAL_NATIVE_ACCESS;
    }
    static {
        ILLEGAL_NATIVE_ACCESS = addIllegalNativeAccess();
        USER_NATIVE_ACCESS_MODULES = decodeEnableNativeAccess();
        HAS_ENABLE_NATIVE_ACCESS_FLAG = !USER_NATIVE_ACCESS_MODULES.isEmpty();
        JDK_NATIVE_ACCESS_MODULES = ModuleLoaderMap.nativeAccessModules();
    }
@ -847,6 +853,27 @@ public final class ModuleBootstrap {
        return modules;
    }
    /**
     * Process the --illegal-native-access option (and its default).
     */
    private static IllegalNativeAccess addIllegalNativeAccess() {
        String value = getAndRemoveProperty("jdk.module.illegal.native.access");
        // don't use a switch: bootstrapping issues!
        if (value == null) {
            return IllegalNativeAccess.WARN; // default
        } else if (value.equals("deny")) {
            return IllegalNativeAccess.DENY;
        } else if (value.equals("allow")) {
            return IllegalNativeAccess.ALLOW;
        } else if (value.equals("warn")) {
            return IllegalNativeAccess.WARN;
        } else {
            fail("Value specified to --illegal-native-access not recognized:"
                    + " '" + value + "'");
            return null;
        }
    }
    /**
     * Decodes the values of --add-reads, -add-exports, --add-opens or
     * --patch-modules options that are encoded in system properties.
--- a/src/java.base/share/classes/jdk/internal/reflect/Reflection.java
+++ b/src/java.base/share/classes/jdk/internal/reflect/Reflection.java
@ -111,7 +111,7 @@ public class Reflection {
    }
    @ForceInline
-    public static void ensureNativeAccess(Class<?> currentClass, Class<?> owner, String methodName) {
+    public static void ensureNativeAccess(Class<?> currentClass, Class<?> owner, String methodName, boolean jni) {
        // if there is no caller class, act as if the call came from unnamed module of system class loader
        Module module = currentClass != null ?
                currentClass.getModule() :
@ -119,7 +119,10 @@ public class Reflection {
        class Holder {
            static final JavaLangAccess JLA = SharedSecrets.getJavaLangAccess();
        }
-        Holder.JLA.ensureNativeAccess(module, owner, methodName, currentClass);
+        if (module != null) {
            // not in init phase
            Holder.JLA.ensureNativeAccess(module, owner, methodName, currentClass, jni);
        }
    }
    /**
--- a/src/java.base/share/classes/sun/launcher/resources/launcher.properties
+++ b/src/java.base/share/classes/sun/launcher/resources/launcher.properties
@ -65,6 +65,11 @@ java.launcher.opt.footer = \
 \    --enable-native-access <module name>[,<module name>...]\n\
 \                  allow code in modules to access code and data outside the Java runtime.\n\
 \                  <module name> can also be ALL-UNNAMED to indicate code on the class path.\n\
 \    --illegal-native-access=<value>\n\
 \                  allow or deny access to code and data outside the Java runtime\n\
 \                  by code in modules for which native access is not explicitly enabled.\n\
 \                  <value> is one of "deny", "warn" or "allow". The default value is "warn".\n\
 \                  This option will be removed in a future release.\n\
 \    --list-modules\n\
 \                  list observable modules and exit\n\
 \    -d <module name>\n\
--- a/src/java.base/share/man/java.1
+++ b/src/java.base/share/man/java.1
@ -552,15 +552,45 @@ of the release.
 Native access involves access to code or data outside the Java runtime.
 This is generally unsafe and, if done incorrectly, might crash the JVM
 or result in memory corruption.
-Methods that provide native access are restricted, and by default their
+Native access can occur as a result of calling a method that is either
-use causes warnings.
+\f[B]restricted\f[R] [https://openjdk.org/jeps/454#Safety], or
-This option allows code in the specified modules to use restricted
+\f[V]native\f[R].
-methods without warnings.
+This option allows code in the specified modules to perform native
-\f[I]module\f[R] can be \f[V]ALL-UNNAMED\f[R] to indicate code on the
+access.
-class path.
+Native access occurring in a module that has not been explicitly enabled
-When this option is present, any use of restricted methods by code
+is deemed \f[I]illegal\f[R].
-outside the specified modules causes an
+.RS
 .PP
 \f[I]module\f[R] can be a module name, or \f[V]ALL-UNNAMED\f[R] to
 indicate code on the class path.
 .RE
 .TP
 -\f[V]--illegal-native-access=\f[R]\f[I]parameter\f[R]
 This option specifies a mode for how illegal native access is handled:
 .RS
 .RS
 .PP
 \f[B]Note:\f[R] This option will be removed in a future release.
 .RE
 .IP \[bu] 2
 \f[V]allow\f[R]: This mode allows illegal native access in all modules,
 without any warings.
 .IP \[bu] 2
 \f[V]warn\f[R]: This mode is identical to \f[V]allow\f[R] except that a
 warning message is issued for the first illegal native access found in a
 module.
 This mode is the default for the current JDK but will change in a future
 release.
 .IP \[bu] 2
 \f[V]deny\f[R]: This mode disables illegal native access.
 That is, any illegal native access causes an
 \f[V]IllegalCallerException\f[R].
 This mode will become the default in a future release.
 .PP
 To verify that your application is ready for a future version of the
 JDK, run it with \f[V]--illegal-native-access=deny\f[R] along with any
 necessary \f[V]--enable-native-access\f[R] options.
 .RE
 .TP
 \f[V]--finalization=\f[R]\f[I]value\f[R]
 Controls whether the JVM performs finalization of objects.
--- a/src/java.desktop/macosx/classes/com/apple/eio/FileManager.java
+++ b/src/java.desktop/macosx/classes/com/apple/eio/FileManager.java
@ -58,7 +58,7 @@ public class FileManager {
        loadOSXLibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadOSXLibrary() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/macosx/classes/com/apple/laf/AquaFileView.java
+++ b/src/java.desktop/macosx/classes/com/apple/laf/AquaFileView.java
@ -65,7 +65,7 @@ class AquaFileView extends FileView {
        loadOSXUILibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadOSXUILibrary() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/macosx/classes/com/apple/laf/AquaLookAndFeel.java
+++ b/src/java.desktop/macosx/classes/com/apple/laf/AquaLookAndFeel.java
@ -154,7 +154,7 @@ public class AquaLookAndFeel extends BasicLookAndFeel {
     * @see #uninitialize
     * @see UIManager#setLookAndFeel
     */
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    public void initialize() {
        java.security.AccessController.doPrivileged(new PrivilegedAction<Void>() {
                public Void run() {
--- a/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuBarUI.java
+++ b/src/java.desktop/macosx/classes/com/apple/laf/AquaMenuBarUI.java
@ -41,7 +41,7 @@ import sun.lwawt.macosx.LWCToolkit;
 import sun.security.action.GetBooleanAction;
 // MenuBar implementation for Mac L&F
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class AquaMenuBarUI extends BasicMenuBarUI implements ScreenMenuBarProvider {
    static {
--- a/src/java.desktop/macosx/classes/com/apple/laf/AquaNativeResources.java
+++ b/src/java.desktop/macosx/classes/com/apple/laf/AquaNativeResources.java
@ -32,7 +32,7 @@ import javax.swing.plaf.UIResource;
 import com.apple.laf.AquaUtils.RecyclableSingleton;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class AquaNativeResources {
    static {
        java.security.AccessController.doPrivileged(
--- a/src/java.desktop/macosx/classes/com/apple/laf/ScreenMenu.java
+++ b/src/java.desktop/macosx/classes/com/apple/laf/ScreenMenu.java
@ -45,7 +45,7 @@ final class ScreenMenu extends Menu
        loadAWTLibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadAWTLibrary() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/macosx/classes/sun/awt/PlatformGraphicsInfo.java
+++ b/src/java.desktop/macosx/classes/sun/awt/PlatformGraphicsInfo.java
@ -30,7 +30,7 @@ import java.awt.Toolkit;
 import java.security.AccessController;
 import java.security.PrivilegedAction;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class PlatformGraphicsInfo {
    static {
--- a/src/java.desktop/macosx/classes/sun/lwawt/macosx/CAccessibility.java
+++ b/src/java.desktop/macosx/classes/sun/lwawt/macosx/CAccessibility.java
@ -77,7 +77,7 @@ class CAccessibility implements PropertyChangeListener {
        loadAWTLibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadAWTLibrary() {
            // Need to load the native library for this code.
        java.security.AccessController.doPrivileged(
--- a/src/java.desktop/macosx/classes/sun/lwawt/macosx/LWCToolkit.java
+++ b/src/java.desktop/macosx/classes/sun/lwawt/macosx/LWCToolkit.java
@ -146,7 +146,7 @@ public final class LWCToolkit extends LWToolkit {
    static {
        System.err.flush();
-        @SuppressWarnings("removal")
+        @SuppressWarnings({"removal", "restricted"})
        ResourceBundle platformResources = java.security.AccessController.doPrivileged(
                new java.security.PrivilegedAction<ResourceBundle>() {
            @Override
--- a/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java
+++ b/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageReader.java
@ -90,7 +90,7 @@ public class JPEGImageReader extends ImageReader {
        initStatic();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void initStatic() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java
+++ b/src/java.desktop/share/classes/com/sun/imageio/plugins/jpeg/JPEGImageWriter.java
@ -175,7 +175,7 @@ public class JPEGImageWriter extends ImageWriter {
        initStatic();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void initStatic() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/share/classes/com/sun/media/sound/Platform.java
+++ b/src/java.desktop/share/classes/com/sun/media/sound/Platform.java
@ -74,7 +74,7 @@ final class Platform {
    /**
     * Load the native library or libraries.
     */
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadLibraries() {
        // load the native library
        isNativeLibLoaded = true;
--- a/src/java.desktop/share/classes/java/awt/SplashScreen.java
+++ b/src/java.desktop/share/classes/java/awt/SplashScreen.java
@ -121,7 +121,7 @@ public final class SplashScreen {
     * @return the {@link SplashScreen} instance, or {@code null} if there is
     *         none or it has already been closed
     */
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    public static  SplashScreen getSplashScreen() {
        synchronized (SplashScreen.class) {
            if (GraphicsEnvironment.isHeadless()) {
--- a/src/java.desktop/share/classes/java/awt/Toolkit.java
+++ b/src/java.desktop/share/classes/java/awt/Toolkit.java
@ -1375,7 +1375,7 @@ public abstract class Toolkit {
     * directly.  -hung
     */
    private static boolean loaded = false;
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static void loadLibraries() {
        if (!loaded) {
            java.security.AccessController.doPrivileged(
--- a/src/java.desktop/share/classes/java/awt/event/NativeLibLoader.java
+++ b/src/java.desktop/share/classes/java/awt/event/NativeLibLoader.java
@ -52,7 +52,7 @@ class NativeLibLoader {
     * For now, we know it's done by the implementation, and we assume
     * that the name of the library is "awt".  -br.
     */
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static void loadLibraries() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/share/classes/java/awt/image/ColorModel.java
+++ b/src/java.desktop/share/classes/java/awt/image/ColorModel.java
@ -202,7 +202,7 @@ public abstract class ColorModel implements Transparency{
     * that the name of the library is "awt".  -br.
     */
    private static boolean loaded = false;
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static void loadLibraries() {
        if (!loaded) {
            java.security.AccessController.doPrivileged(
--- a/src/java.desktop/share/classes/sun/awt/NativeLibLoader.java
+++ b/src/java.desktop/share/classes/sun/awt/NativeLibLoader.java
@ -52,7 +52,7 @@ class NativeLibLoader {
     * For now, we know it's done by the implementation, and we assume
     * that the name of the library is "awt".  -br.
     */
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static void loadLibraries() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/share/classes/sun/awt/image/ImagingLib.java
+++ b/src/java.desktop/share/classes/sun/awt/image/ImagingLib.java
@ -51,7 +51,7 @@ import java.security.PrivilegedAction;
 * (in which case our java code will be executed) or may throw
 * an exception.
 */
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class ImagingLib {
    static boolean useLib = true;
--- a/src/java.desktop/share/classes/sun/awt/image/JPEGImageDecoder.java
+++ b/src/java.desktop/share/classes/sun/awt/image/JPEGImageDecoder.java
@ -42,7 +42,7 @@ import java.awt.image.*;
 *
 * @author Jim Graham
 */
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class JPEGImageDecoder extends ImageDecoder {
    private static ColorModel RGBcolormodel;
    private static ColorModel ARGBcolormodel;
--- a/src/java.desktop/share/classes/sun/awt/image/NativeLibLoader.java
+++ b/src/java.desktop/share/classes/sun/awt/image/NativeLibLoader.java
@ -52,7 +52,7 @@ class NativeLibLoader {
     * For now, we know it's done by the implementation, and we assume
     * that the name of the library is "awt".  -br.
     */
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static void loadLibraries() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/share/classes/sun/font/FontManagerNativeLibrary.java
+++ b/src/java.desktop/share/classes/sun/font/FontManagerNativeLibrary.java
@ -27,7 +27,7 @@ package sun.font;
 import sun.awt.OSInfo;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class FontManagerNativeLibrary {
    static {
        java.security.AccessController.doPrivileged(
--- a/src/java.desktop/share/classes/sun/java2d/Disposer.java
+++ b/src/java.desktop/share/classes/sun/java2d/Disposer.java
@ -50,7 +50,7 @@ import java.util.concurrent.ConcurrentLinkedDeque;
 *
 * @see DisposerRecord
 */
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class Disposer implements Runnable {
    private static final ReferenceQueue<Object> queue = new ReferenceQueue<>();
    private static final Hashtable<java.lang.ref.Reference<Object>, DisposerRecord> records =
--- a/src/java.desktop/share/classes/sun/java2d/cmm/lcms/LCMS.java
+++ b/src/java.desktop/share/classes/sun/java2d/cmm/lcms/LCMS.java
@ -143,7 +143,7 @@ final class LCMS implements PCMM {
    private static LCMS theLcms = null;
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static synchronized PCMM getModule() {
        if (theLcms != null) {
            return theLcms;
--- a/src/java.desktop/unix/classes/sun/awt/X11GraphicsEnvironment.java
+++ b/src/java.desktop/unix/classes/sun/awt/X11GraphicsEnvironment.java
@ -59,7 +59,7 @@ public final class X11GraphicsEnvironment extends SunGraphicsEnvironment {
        initStatic();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void initStatic() {
        java.security.AccessController.doPrivileged(
                          new java.security.PrivilegedAction<Object>() {
--- a/src/java.desktop/unix/classes/sun/print/CUPSPrinter.java
+++ b/src/java.desktop/unix/classes/sun/print/CUPSPrinter.java
@ -90,7 +90,7 @@ public class CUPSPrinter  {
        initStatic();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void initStatic() {
        // load awt library to access native code
        java.security.AccessController.doPrivileged(
--- a/src/java.desktop/windows/classes/sun/awt/PlatformGraphicsInfo.java
+++ b/src/java.desktop/windows/classes/sun/awt/PlatformGraphicsInfo.java
@ -39,7 +39,7 @@ public class PlatformGraphicsInfo {
        hasDisplays = hasDisplays0();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadAWTLibrary() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.desktop/windows/classes/sun/awt/windows/WToolkit.java
+++ b/src/java.desktop/windows/classes/sun/awt/windows/WToolkit.java
@ -168,7 +168,7 @@ public final class WToolkit extends SunToolkit implements Runnable {
     */
    private static native void initIDs();
    private static boolean loaded = false;
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    public static void loadLibraries() {
        if (!loaded) {
            java.security.AccessController.doPrivileged(
--- a/src/java.desktop/windows/classes/sun/print/PrintServiceLookupProvider.java
+++ b/src/java.desktop/windows/classes/sun/print/PrintServiceLookupProvider.java
@ -54,7 +54,7 @@ public class PrintServiceLookupProvider extends PrintServiceLookup {
        loadAWTLibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadAWTLibrary() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.instrument/share/classes/sun/instrument/InstrumentationImpl.java
+++ b/src/java.instrument/share/classes/sun/instrument/InstrumentationImpl.java
@ -63,6 +63,7 @@ import jdk.internal.vm.annotation.IntrinsicCandidate;
 * Keeps a pointer to the native data structure in a scalar field to allow native
 * processing behind native methods.
 */
@SuppressWarnings("restricted")
 public class InstrumentationImpl implements Instrumentation {
    private static final String TRACE_USAGE_PROP_NAME = "jdk.instrument.traceUsage";
    private static final boolean TRACE_USAGE;
--- a/src/java.management/share/classes/java/lang/management/ManagementFactory.java
+++ b/src/java.management/share/classes/java/lang/management/ManagementFactory.java
@ -1020,7 +1020,7 @@ public class ManagementFactory {
        loadNativeLib();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadNativeLib() {
        AccessController.doPrivileged((PrivilegedAction<Void>) () -> {
            System.loadLibrary("management");
--- a/src/java.prefs/macosx/classes/java/util/prefs/MacOSXPreferencesFile.java
+++ b/src/java.prefs/macosx/classes/java/util/prefs/MacOSXPreferencesFile.java
@ -82,7 +82,7 @@ class MacOSXPreferencesFile {
        loadPrefsLib();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadPrefsLib() {
        java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Void>() {
--- a/src/java.prefs/unix/classes/java/util/prefs/FileSystemPreferences.java
+++ b/src/java.prefs/unix/classes/java/util/prefs/FileSystemPreferences.java
@ -53,7 +53,7 @@ class FileSystemPreferences extends AbstractPreferences {
        loadPrefsLib();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadPrefsLib() {
        PrivilegedAction<Void> load = () -> {
            System.loadLibrary("prefs");
--- a/src/java.prefs/windows/classes/java/util/prefs/WindowsPreferences.java
+++ b/src/java.prefs/windows/classes/java/util/prefs/WindowsPreferences.java
@ -50,7 +50,7 @@ class WindowsPreferences extends AbstractPreferences {
        loadPrefsLib();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadPrefsLib() {
        PrivilegedAction<Void> load = () -> {
            System.loadLibrary("prefs");
--- a/src/java.rmi/share/classes/sun/rmi/transport/GC.java
+++ b/src/java.rmi/share/classes/sun/rmi/transport/GC.java
@ -39,7 +39,7 @@ import jdk.internal.misc.InnocuousThread;
 * @since    1.2
 */
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 class GC {
    private GC() { }            /* To prevent instantiation */
--- a/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
+++ b/src/java.security.jgss/share/classes/sun/security/jgss/wrapper/SunNativeProvider.java
@ -68,7 +68,7 @@ public final class SunNativeProvider extends Provider {
        System.err.println(NAME + ": " + message);
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static final HashMap<String, String> MECH_MAP =
            AccessController.doPrivileged(
                new PrivilegedAction<>() {
--- a/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/Credentials.java
@ -524,7 +524,7 @@ public class Credentials {
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static void ensureLoaded() {
        java.security.AccessController.doPrivileged(
                new java.security.PrivilegedAction<Void> () {
--- a/src/java.security.jgss/share/classes/sun/security/krb5/SCDynamicStoreConfig.java
+++ b/src/java.security.jgss/share/classes/sun/security/krb5/SCDynamicStoreConfig.java
@ -45,7 +45,7 @@ public class SCDynamicStoreConfig {
    private static native List<String> getKerberosConfig();
    static {
-        @SuppressWarnings("removal")
+        @SuppressWarnings({"removal", "restricted"})
        boolean isMac = java.security.AccessController.doPrivileged(
            new java.security.PrivilegedAction<Boolean>() {
                public Boolean run() {
--- a/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
+++ b/src/java.smartcardio/unix/classes/sun/security/smartcardio/PlatformPCSC.java
@ -61,7 +61,7 @@ class PlatformPCSC {
        // empty
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    static final Throwable initException
            = AccessController.doPrivileged(new PrivilegedAction<Throwable>() {
        public Throwable run() {
--- a/src/java.smartcardio/windows/classes/sun/security/smartcardio/PlatformPCSC.java
+++ b/src/java.smartcardio/windows/classes/sun/security/smartcardio/PlatformPCSC.java
@ -41,7 +41,7 @@ class PlatformPCSC {
        initException = loadLibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static Throwable loadLibrary() {
        try {
            AccessController.doPrivileged(new PrivilegedAction<Void>() {
--- a/src/jdk.accessibility/windows/classes/com/sun/java/accessibility/internal/AccessBridge.java
+++ b/src/jdk.accessibility/windows/classes/com/sun/java/accessibility/internal/AccessBridge.java
@ -160,7 +160,7 @@ public final class AccessBridge {
        initStatic();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void initStatic() {
        // Load the appropriate DLLs
        boolean is32on64 = false;
--- a/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/aix/classes/sun/tools/attach/VirtualMachineImpl.java
@ -38,6 +38,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 /*
 * Aix implementation of HotSpotVirtualMachine
 */
@SuppressWarnings("restricted")
 public class VirtualMachineImpl extends HotSpotVirtualMachine {
    // "/tmp" is used as a global well-known location for the files
    // .java_pid<pid>. and .attach_pid<pid>. It is important that this
--- a/src/jdk.attach/linux/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/linux/classes/sun/tools/attach/VirtualMachineImpl.java
@ -40,6 +40,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 /*
 * Linux implementation of HotSpotVirtualMachine
 */
@SuppressWarnings("restricted")
 public class VirtualMachineImpl extends HotSpotVirtualMachine {
    // "/tmp" is used as a global well-known location for the files
    // .java_pid<pid>. and .attach_pid<pid>. It is important that this
--- a/src/jdk.attach/macosx/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/macosx/classes/sun/tools/attach/VirtualMachineImpl.java
@ -37,6 +37,7 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 /*
 * Bsd implementation of HotSpotVirtualMachine
 */
@SuppressWarnings("restricted")
 public class VirtualMachineImpl extends HotSpotVirtualMachine {
    // "tmpdir" is used as a global well-known location for the files
    // .java_pid<pid>. and .attach_pid<pid>. It is important that this
--- a/src/jdk.attach/windows/classes/sun/tools/attach/AttachProviderImpl.java
+++ b/src/jdk.attach/windows/classes/sun/tools/attach/AttachProviderImpl.java
@ -34,6 +34,7 @@ import java.io.IOException;
 import java.net.InetAddress;
 import java.net.UnknownHostException;
@SuppressWarnings("restricted")
 public class AttachProviderImpl extends HotSpotAttachProvider {
    public AttachProviderImpl() {
--- a/src/jdk.attach/windows/classes/sun/tools/attach/VirtualMachineImpl.java
+++ b/src/jdk.attach/windows/classes/sun/tools/attach/VirtualMachineImpl.java
@ -35,6 +35,7 @@ import java.util.Random;
 /*
 * Windows implementation of HotSpotVirtualMachine
 */
@SuppressWarnings("restricted")
 public class VirtualMachineImpl extends HotSpotVirtualMachine {
    // the enqueue code stub (copied into each target VM)
--- a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
+++ b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/wrapper/PKCS11.java
@ -83,7 +83,7 @@ public class PKCS11 {
        // cannot use LoadLibraryAction because that would make the native
        // library available to the bootclassloader, but we run in the
        // extension classloader.
-        @SuppressWarnings("removal")
+        @SuppressWarnings({"removal", "restricted"})
        var dummy = AccessController.doPrivileged(new PrivilegedAction<Object>() {
            public Object run() {
                System.loadLibrary(PKCS11_WRAPPER);
--- a/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java
+++ b/src/jdk.crypto.mscapi/windows/classes/sun/security/mscapi/SunMSCAPI.java
@ -50,7 +50,7 @@ public final class SunMSCAPI extends Provider {
    private static final String INFO = "Sun's Microsoft Crypto API provider";
    static {
-        @SuppressWarnings("removal")
+        @SuppressWarnings({"removal", "restricted"})
        var dummy = AccessController.doPrivileged(new PrivilegedAction<Void>() {
            public Void run() {
                System.loadLibrary("sunmscapi");
--- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/debugger/bsd/BsdDebuggerLocal.java
+++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/debugger/bsd/BsdDebuggerLocal.java
@ -62,6 +62,7 @@ import sun.jvm.hotspot.utilities.PlatformInfo;
    RuntimeException if they are called before the debugger is
    configured with the Java primitive type sizes. </P> */
@SuppressWarnings("restricted")
 public class BsdDebuggerLocal extends DebuggerBase implements BsdDebugger {
    private boolean useGCC32ABI;
    private boolean attached;
--- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/debugger/linux/LinuxDebuggerLocal.java
+++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/debugger/linux/LinuxDebuggerLocal.java
@ -67,6 +67,7 @@ import sun.jvm.hotspot.utilities.PlatformInfo;
    RuntimeException if they are called before the debugger is
    configured with the Java primitive type sizes. </P> */
@SuppressWarnings("restricted")
 public class LinuxDebuggerLocal extends DebuggerBase implements LinuxDebugger {
    private boolean useGCC32ABI;
    private boolean attached;
--- a/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/debugger/windbg/WindbgDebuggerLocal.java
+++ b/src/jdk.hotspot.agent/share/classes/sun/jvm/hotspot/debugger/windbg/WindbgDebuggerLocal.java
@ -54,6 +54,7 @@ import sun.jvm.hotspot.runtime.*;
    RuntimeException if they are called before the debugger is
    configured with the Java primitive type sizes. </P> */
@SuppressWarnings("restricted")
 public class WindbgDebuggerLocal extends DebuggerBase implements WindbgDebugger {
  private PageCache cache;
  private boolean   attached;
--- a/src/jdk.jdi/windows/classes/com/sun/tools/jdi/SharedMemoryTransportService.java
+++ b/src/jdk.jdi/windows/classes/com/sun/tools/jdi/SharedMemoryTransportService.java
@ -65,6 +65,7 @@ class SharedMemoryTransportService extends TransportService {
        }
    }
    @SuppressWarnings("restricted")
    SharedMemoryTransportService() {
        System.loadLibrary("dt_shmem");
        initialize();
--- a/src/jdk.jpackage/windows/classes/jdk/jpackage/internal/ExecutableRebrander.java
+++ b/src/jdk.jpackage/windows/classes/jdk/jpackage/internal/ExecutableRebrander.java
@ -48,7 +48,7 @@ import static jdk.jpackage.internal.StandardBundlerParam.VENDOR;
 import static jdk.jpackage.internal.StandardBundlerParam.VERSION;
 import static jdk.jpackage.internal.WindowsAppImageBuilder.ICON_ICO;
-
+@SuppressWarnings("restricted")
 final class ExecutableRebrander {
    private static final ResourceBundle I18N = ResourceBundle.getBundle(
            "jdk.jpackage.internal.resources.WinResources");
--- a/src/jdk.jpackage/windows/classes/jdk/jpackage/internal/WinExeBundler.java
+++ b/src/jdk.jpackage/windows/classes/jdk/jpackage/internal/WinExeBundler.java
@ -31,6 +31,7 @@ import java.nio.file.Path;
 import java.text.MessageFormat;
 import java.util.Map;
@SuppressWarnings("restricted")
 public class WinExeBundler extends AbstractBundler {
    static {
--- a/src/jdk.jpackage/windows/classes/jdk/jpackage/internal/WindowsRegistry.java
+++ b/src/jdk.jpackage/windows/classes/jdk/jpackage/internal/WindowsRegistry.java
@ -28,6 +28,7 @@ package jdk.jpackage.internal;
 import java.util.ArrayList;
 import java.util.List;
@SuppressWarnings("restricted")
 final class WindowsRegistry {
    // Currently we only support HKEY_LOCAL_MACHINE. Native implementation will
--- a/src/jdk.management.agent/unix/classes/jdk/internal/agent/FileSystemImpl.java
+++ b/src/jdk.management.agent/unix/classes/jdk/internal/agent/FileSystemImpl.java
@ -31,7 +31,7 @@ import java.io.IOException;
 /*
 * Linux implementation of jdk.internal.agent.FileSystem
 */
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class FileSystemImpl extends FileSystem {
    public boolean supportsFileSecurity(File f) throws IOException {
--- a/src/jdk.management.agent/windows/classes/jdk/internal/agent/FileSystemImpl.java
+++ b/src/jdk.management.agent/windows/classes/jdk/internal/agent/FileSystemImpl.java
@ -31,7 +31,7 @@ import java.io.IOException;
 /*
 * Windows implementation of sun.management.FileSystem
 */
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public class FileSystemImpl extends FileSystem {
    public boolean supportsFileSecurity(File f) throws IOException {
--- a/src/jdk.management/share/classes/com/sun/management/internal/Flag.java
+++ b/src/jdk.management/share/classes/com/sun/management/internal/Flag.java
@ -36,7 +36,7 @@ import java.security.AccessController;
 * corresponds to one VMOption.
 *
 */
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 class Flag {
    private String name;
    private Object value;
--- a/src/jdk.management/share/classes/com/sun/management/internal/PlatformMBeanProviderImpl.java
+++ b/src/jdk.management/share/classes/com/sun/management/internal/PlatformMBeanProviderImpl.java
@ -44,7 +44,7 @@ import javax.management.DynamicMBean;
 import sun.management.ManagementFactoryHelper;
 import sun.management.spi.PlatformMBeanProvider;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 public final class PlatformMBeanProviderImpl extends PlatformMBeanProvider {
    static final String DIAGNOSTIC_COMMAND_MBEAN_NAME =
        "com.sun.management:type=DiagnosticCommand";
--- a/src/jdk.net/aix/classes/jdk/net/AIXSocketOptions.java
+++ b/src/jdk.net/aix/classes/jdk/net/AIXSocketOptions.java
@ -32,7 +32,7 @@ import java.security.PrivilegedAction;
 import jdk.net.ExtendedSocketOptions.PlatformSocketOptions;
 import sun.nio.fs.UnixUserPrincipals;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 class AIXSocketOptions extends PlatformSocketOptions {
    public AIXSocketOptions() {
--- a/src/jdk.net/linux/classes/jdk/net/LinuxSocketOptions.java
+++ b/src/jdk.net/linux/classes/jdk/net/LinuxSocketOptions.java
@ -32,7 +32,7 @@ import java.security.PrivilegedAction;
 import jdk.net.ExtendedSocketOptions.PlatformSocketOptions;
 import sun.nio.fs.UnixUserPrincipals;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 class LinuxSocketOptions extends PlatformSocketOptions {
    public LinuxSocketOptions() {
--- a/src/jdk.net/macosx/classes/jdk/net/MacOSXSocketOptions.java
+++ b/src/jdk.net/macosx/classes/jdk/net/MacOSXSocketOptions.java
@ -32,7 +32,7 @@ import java.security.PrivilegedAction;
 import jdk.net.ExtendedSocketOptions.PlatformSocketOptions;
 import sun.nio.fs.UnixUserPrincipals;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 class MacOSXSocketOptions extends PlatformSocketOptions {
    public MacOSXSocketOptions() {
--- a/src/jdk.net/windows/classes/jdk/net/WindowsSocketOptions.java
+++ b/src/jdk.net/windows/classes/jdk/net/WindowsSocketOptions.java
@ -30,7 +30,7 @@ import java.security.PrivilegedAction;
 import jdk.net.ExtendedSocketOptions.PlatformSocketOptions;
-@SuppressWarnings("removal")
+@SuppressWarnings({"removal", "restricted"})
 class WindowsSocketOptions extends PlatformSocketOptions {
    public WindowsSocketOptions() {
--- a/src/jdk.sctp/unix/classes/sun/nio/ch/sctp/SctpChannelImpl.java
+++ b/src/jdk.sctp/unix/classes/sun/nio/ch/sctp/SctpChannelImpl.java
@ -1094,7 +1094,7 @@ public class SctpChannelImpl extends SctpChannel
        loadSctpLibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadSctpLibrary() {
        IOUtil.load();   /* loads nio & net native libraries */
        AccessController.doPrivileged(
--- a/src/jdk.sctp/unix/classes/sun/nio/ch/sctp/SctpNet.java
+++ b/src/jdk.sctp/unix/classes/sun/nio/ch/sctp/SctpNet.java
@ -333,7 +333,7 @@ public class SctpNet {
        loadSctpLibrary();
    }
-    @SuppressWarnings("removal")
+    @SuppressWarnings({"removal", "restricted"})
    private static void loadSctpLibrary() {
        IOUtil.load();   // loads nio & net native libraries
        java.security.AccessController.doPrivileged(
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/NTSystem.java
@ -129,7 +129,7 @@ public class NTSystem {
        return impersonationToken;
    }
-
+    @SuppressWarnings("restricted")
    private void loadNative() {
        System.loadLibrary("jaas");
    }
--- a/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java
+++ b/src/jdk.security.auth/share/classes/com/sun/security/auth/module/UnixSystem.java
@ -53,6 +53,7 @@ public class UnixSystem {
     * Instantiate a {@code UnixSystem} and load
     * the native library to access the underlying system information.
     */
    @SuppressWarnings("restricted")
    public UnixSystem() {
        System.loadLibrary("jaas");
        getUnixInfo();
--- a/test/hotspot/jtreg/runtime/jni/checked/TestCheckedReleaseArrayElements.java
+++ b/test/hotspot/jtreg/runtime/jni/checked/TestCheckedReleaseArrayElements.java
@ -49,6 +49,7 @@ public class TestCheckedReleaseArrayElements {
            // that might generate output on stderr (which should be empty for this test).
            ProcessBuilder pb =
                ProcessTools.createLimitedTestJavaProcessBuilder("-Xcheck:jni",
                                                                 "--enable-native-access=ALL-UNNAMED",
                                                                 "-Djava.library.path=" + Utils.TEST_NATIVE_PATH,
                                                                 "TestCheckedReleaseArrayElements");
            OutputAnalyzer output = ProcessTools.executeProcess(pb);
--- a/test/jdk/java/foreign/TestRestricted.java
+++ b/test/jdk/java/foreign/TestRestricted.java
@ -88,7 +88,11 @@ public class TestRestricted {
            RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, Arena.class, Consumer.class),
            RestrictedMethod.of(MemorySegment.class, "reinterpret", MemorySegment.class, long.class, Arena.class, Consumer.class),
            RestrictedMethod.of(AddressLayout.class, "withTargetLayout", AddressLayout.class, MemoryLayout.class),
-            RestrictedMethod.of(ModuleLayer.Controller.class, "enableNativeAccess", ModuleLayer.Controller.class, Module.class)
+            RestrictedMethod.of(ModuleLayer.Controller.class, "enableNativeAccess", ModuleLayer.Controller.class, Module.class),
            RestrictedMethod.of(System.class, "load", void.class, String.class),
            RestrictedMethod.of(System.class, "loadLibrary", void.class, String.class),
            RestrictedMethod.of(Runtime.class, "load", void.class, String.class),
            RestrictedMethod.of(Runtime.class, "loadLibrary", void.class, String.class)
    );
    @Test
--- a/test/jdk/java/foreign/enablenativeaccess/TestEnableNativeAccess.java
+++ b/test/jdk/java/foreign/enablenativeaccess/TestEnableNativeAccess.java
@ -28,6 +28,10 @@
 * @library /test/lib
 * @build TestEnableNativeAccess
 *        panama_module/*
 *        panama_jni_load_module/*
 *        panama_jni_def_module/*
 *        panama_jni_use_module/*
 *
 *        org.openjdk.foreigntest.unnamed.PanamaMainUnnamedModule
 * @run testng/othervm/timeout=180 TestEnableNativeAccess
 * @summary Basic test for java --enable-native-access
@ -62,20 +66,25 @@ public class TestEnableNativeAccess extends TestEnableNativeAccessBase {
                { "panama_enable_native_access", PANAMA_MAIN, successNoWarning(), new String[]{"--enable-native-access=panama_module"} },
                { "panama_enable_native_access_reflection", PANAMA_REFLECTION, successNoWarning(), new String[]{"--enable-native-access=panama_module"} },
                { "panama_enable_native_access_invoke", PANAMA_INVOKE, successNoWarning(), new String[]{"--enable-native-access=panama_module"} },
                { "panama_enable_native_access_jni", PANAMA_JNI, successNoWarning(), new String[]{"--enable-native-access=ALL-UNNAMED"} },
                { "panama_comma_separated_enable", PANAMA_MAIN, successNoWarning(), new String[]{"--enable-native-access=java.base,panama_module"} },
                { "panama_comma_separated_enable_reflection", PANAMA_REFLECTION, successNoWarning(), new String[]{"--enable-native-access=java.base,panama_module"} },
                { "panama_comma_separated_enable_invoke", PANAMA_INVOKE, successNoWarning(), new String[]{"--enable-native-access=java.base,panama_module"} },
-                { "panama_comma_separated_enable_jni", PANAMA_JNI, successNoWarning(), new String[]{"--enable-native-access=java.base,ALL-UNNAMED"} },
+                { "panama_comma_separated_enable_jni", PANAMA_JNI, successNoWarning(), new String[]{"--enable-native-access=panama_jni_load_module,panama_jni_def_module,ALL-UNNAMED"} },
                { "panama_enable_native_access_warn", PANAMA_MAIN, successWithWarning("panama"), new String[]{} },
                { "panama_enable_native_access_warn_reflection", PANAMA_REFLECTION, successWithWarning("panama"), new String[]{} },
                { "panama_enable_native_access_warn_invoke", PANAMA_INVOKE, successWithWarning("panama"), new String[]{} },
-                { "panama_enable_native_access_warn_jni", PANAMA_JNI, successWithWarning("ALL-UNNAMED"), new String[]{} },
+                { "panama_enable_native_access_warn_jni", PANAMA_JNI, successWithWarnings("panama_jni_load_module", "panama_jni_def_module", "ALL-UNNAMED"), new String[]{} },
                { "panama_enable_native_access_allow", PANAMA_MAIN, successNoWarning(), new String[]{"--illegal-native-access=allow"} },
                { "panama_enable_native_access_allow_reflection", PANAMA_REFLECTION, successNoWarning(), new String[]{"--illegal-native-access=allow"} },
                { "panama_enable_native_access_allow_invoke", PANAMA_INVOKE, successNoWarning(), new String[]{"--illegal-native-access=allow"} },
                { "panama_enable_native_access_allow_jni", PANAMA_JNI, successNoWarning(), new String[]{"--illegal-native-access=allow"} },
                { "panama_no_unnamed_module_native_access", UNNAMED, successWithWarning("ALL-UNNAMED"), new String[]{} },
                { "panama_all_unnamed_module_native_access", UNNAMED, successNoWarning(), new String[]{"--enable-native-access=ALL-UNNAMED"} },
                { "panama_allow_unnamed_module_native_access", UNNAMED, successNoWarning(), new String[]{"--illegal-native-access=allow"} },
        };
    }
@ -131,12 +140,38 @@ public class TestEnableNativeAccess extends TestEnableNativeAccessBase {
     * Specifies bad value to --enable-native-access.
     */
    public void testBadValue() throws Exception {
-        run("panama_enable_native_access_warn_unknown_module", PANAMA_MAIN,
+        run("panama_deny_bad_unknown_module", PANAMA_MAIN,
                failWithWarning("WARNING: Unknown module: BAD specified to --enable-native-access"),
-                "--enable-native-access=BAD");
+                "--illegal-native-access=deny", "--enable-native-access=BAD");
-        run("panama_no_all_module_path_blanket_native_access", PANAMA_MAIN,
+        run("panama_deny_bad_all_module_path_module", PANAMA_MAIN,
                failWithWarning("WARNING: Unknown module: ALL-MODULE-PATH specified to --enable-native-access"),
-                "--enable-native-access=ALL-MODULE-PATH" );
+                "--illegal-native-access=deny", "--enable-native-access=ALL-MODULE-PATH" );
        run("panama_deny_no_module_main", PANAMA_MAIN,
                failWithError("module panama_module"),
                "--illegal-native-access=deny");
        run("panama_deny_no_module_invoke", PANAMA_INVOKE,
                failWithError("module panama_module"),
                "--illegal-native-access=deny");
        run("panama_deny_no_module_reflection", PANAMA_REFLECTION,
                failWithError("module panama_module"),
                "--illegal-native-access=deny");
        run("panama_deny_no_module_jni", PANAMA_JNI,
                failWithError("module panama_jni_load_module"),
                "--illegal-native-access=deny");
    }
    public void testDetailedWarningMessage() throws Exception {
        run("panama_enable_native_access_warn_jni", PANAMA_JNI,
                success()
                        // call to System::loadLibrary from panama_jni_load_module
                        .expect("WARNING: A restricted method in java.lang.System has been called")
                        .expect("WARNING: java.lang.System::loadLibrary has been called by org.openjdk.jni.PanamaMainJNI in module panama_jni_load_module")
                        // JNI native method binding in panama_jni_def_module
                        .expect("WARNING: A native method in org.openjdk.jni.def.PanamaJNIDef has been bound")
                        .expect("WARNING: org.openjdk.jni.def.PanamaJNIDef::nativeLinker0 is declared in module panama_jni_def_module")
                        // upcall to Linker::downcallHandle from JNI code
                        .expect("WARNING: A restricted method in java.lang.foreign.Linker has been called")
                        .expect("WARNING: java.lang.foreign.Linker::downcallHandle has been called by code in an unnamed module"));
    }
    private int count(Iterable<String> lines, CharSequence cs) {
--- a/test/jdk/java/foreign/enablenativeaccess/TestEnableNativeAccessBase.java
+++ b/test/jdk/java/foreign/enablenativeaccess/TestEnableNativeAccessBase.java
@ -38,8 +38,8 @@ public class TestEnableNativeAccessBase {
    static final String PANAMA_REFLECTION = "panama_module/" + PANAMA_REFLECTION_CLS;
    static final String PANAMA_INVOKE_CLS = "org.openjdk.foreigntest.PanamaMainInvoke";
    static final String PANAMA_INVOKE = "panama_module/" + PANAMA_INVOKE_CLS;
-    static final String PANAMA_JNI_CLS = "org.openjdk.foreigntest.PanamaMainJNI";
+    static final String PANAMA_JNI_CLS = "org.openjdk.jni.PanamaMainJNI";
-    static final String PANAMA_JNI = "panama_module/" + PANAMA_JNI_CLS;
+    static final String PANAMA_JNI = "panama_jni_load_module/" + PANAMA_JNI_CLS;
    static final String UNNAMED = "org.openjdk.foreigntest.unnamed.PanamaMainUnnamedModule";
    /**
@ -99,6 +99,14 @@ public class TestEnableNativeAccessBase {
        return success().expect("WARNING").expect("--enable-native-access=" + moduleName);
    }
    static Result successWithWarnings(String... moduleNames) {
        Result result = success();
        for (String moduleName : moduleNames) {
            result = result.expect("WARNING").expect("--enable-native-access=" + moduleName);
        }
        return result;
    }
    static Result failWithWarning(String expectedOutput) {
        return new Result(false).expect(expectedOutput).expect("WARNING");
    }
--- a/test/jdk/java/foreign/enablenativeaccess/TestEnableNativeAccessDynamic.java
+++ b/test/jdk/java/foreign/enablenativeaccess/TestEnableNativeAccessDynamic.java
@ -56,7 +56,7 @@ public class TestEnableNativeAccessDynamic extends TestEnableNativeAccessBase {
    @DataProvider(name = "failureCases")
    public Object[][] failureCases() {
-        String errMsg = "Illegal native access from: module panama_module";
+        String errMsg = "Illegal native access from module panama_module";
        return new Object[][] {
                { "panama_enable_native_access_fail", PANAMA_MAIN, failWithError(errMsg) },
                { "panama_enable_native_access_fail_reflection", PANAMA_REFLECTION, failWithError(errMsg) },
@ -73,6 +73,7 @@ public class TestEnableNativeAccessDynamic extends TestEnableNativeAccessBase {
            Result expectedResult, boolean panamaModuleInBootLayer) throws Exception
    {
        List<String> list = new ArrayList<>();
        list.add("--illegal-native-access=deny");
        if (panamaModuleInBootLayer) {
            list.addAll(List.of("-p", MODULE_PATH));
            list.add("--add-modules=panama_module");
--- a/test/jdk/java/foreign/enablenativeaccess/panama_jni_def_module/module-info.java
+++ b/test/jdk/java/foreign/enablenativeaccess/panama_jni_def_module/module-info.java
@ -0,0 +1,26 @@
 /*
 * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 module panama_jni_def_module {
    exports org.openjdk.jni.def;
 }
--- a/test/jdk/java/foreign/enablenativeaccess/panama_jni_def_module/org/openjdk/jni/def/PanamaJNIDef.java
+++ b/test/jdk/java/foreign/enablenativeaccess/panama_jni_def_module/org/openjdk/jni/def/PanamaJNIDef.java
@ -0,0 +1,32 @@
 /*
 * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 package org.openjdk.jni.def;
 import java.lang.foreign.FunctionDescriptor;
 import java.lang.foreign.Linker;
 public class PanamaJNIDef {
    public static native void nativeLinker0(Linker linker, FunctionDescriptor desc, Linker.Option[] options);
 }
--- a/test/jdk/java/foreign/enablenativeaccess/panama_jni_def_module/org/openjdk/jni/def/libLinkerInvokerModule.cpp
+++ b/test/jdk/java/foreign/enablenativeaccess/panama_jni_def_module/org/openjdk/jni/def/libLinkerInvokerModule.cpp
@ -47,7 +47,7 @@ void call(void* arg) {
 extern "C" {
    JNIEXPORT void JNICALL
-    Java_org_openjdk_foreigntest_PanamaMainJNI_nativeLinker0(JNIEnv *env, jclass cls, jobject linker, jobject desc, jobjectArray opts) {
+    Java_org_openjdk_jni_def_PanamaJNIDef_nativeLinker0(JNIEnv *env, jclass cls, jobject linker, jobject desc, jobjectArray opts) {
        Context context;
        env->GetJavaVM(&context.jvm);
        context.linker = env->NewGlobalRef(linker);
--- a/test/jdk/java/foreign/enablenativeaccess/panama_jni_load_module/module-info.java
+++ b/test/jdk/java/foreign/enablenativeaccess/panama_jni_load_module/module-info.java
@ -0,0 +1,27 @@
 /*
 * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.
 *
 * This code is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 * version 2 for more details (a copy is included in the LICENSE file that
 * accompanied this code).
 *
 * You should have received a copy of the GNU General Public License version
 * 2 along with this work; if not, write to the Free Software Foundation,
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 * or visit www.oracle.com if you need additional information or have any
 * questions.
 */
 module panama_jni_load_module {
    exports org.openjdk.jni;
    requires panama_jni_use_module;
 }
--- a/Show more
+++ b/Show more