Access to gnu.classpath.* classes must be restricted to classes loaded by the bootstrap loader. See this thread: http://lists.gnu.org/archive/html/classpath-patches/2004-12/msg00035.html Ostensibly this is done by setting the package.access property, but this does not seem to be done anywhere in Classpath...
Confirmed.
the package.access Security property should be set whenever the classpath.security file is read and it defines such a property. At the moment the default classpath.security file doesn't have such a property. Also note that we never do a SecurityManger.definePackage() check or define the package.definition Security property (in classpath.security).
Closing as won't fix as libgcj (and the java front-end) has been removed from the trunk.