policytool uses core reflection to create permission objects. It also has references (by String) to several Java SE permission types that it can't create because the jdk.policytool does not read the containing module. Yuri Nesterenko reports that manual tests for this tool are failing with IllegalAccessException.