The current descriptions of the 'package.access' and 'package.definition' security properties are no longer accurate in the java.security configuration file.

The behavior of these properties was changed with the introduction of the JDK modular system in JDK 9.

====

#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when passed to the
# SecurityManager::checkPackageAccess method unless the corresponding
# RuntimePermission("accessClassInPackage."+package) has been granted.
#
package.access=sun.misc.,\
               sun.reflect.,\

#
# List of comma-separated packages that start with or equal this string
# will cause a security exception to be thrown when passed to the
# SecurityManager::checkPackageDefinition method unless the corresponding
# RuntimePermission("defineClassInPackage."+package) has been granted.
#
# By default, none of the class loaders supplied with the JDK call
# checkPackageDefinition.
#
package.definition=sun.misc.,\
                   sun.reflect.,\


===

The implementation comments in SecurityManager.checkPackageAccess(String pkg) and SecurityManager.checkPackageDefinition(String pkg) describe better how these properties now function