...
The fourth goal can be achieved in part by granting code specific permissions and preventing it from accessing classes in certain packages. This can be done with the accessClassInPackage permission (SEC07-J. Do not allow the unauthorized construction of sensitive classes existing in untrusted packages). Doing so does not limit what system classes can do; however, it does restrict the range of system packages that can be invoked from less-privileged code.
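The following added example (not from the original page or the guideline it cites) models the decision the accessClassInPackage check makes for code holding different grants. The restricted-package list, the package com.example.internal and all helper names are constructed for illustration, and it assumes a JDK in which the Security Manager API (deprecated for removal since JDK 17) still performs permission checks.

```java
import java.security.AccessControlContext;
import java.security.AccessControlException;
import java.security.Permission;
import java.security.Permissions;
import java.security.ProtectionDomain;

public class PackageAccessDemo {
    // Constructed stand-in for the "package.access" security property, which
    // holds the comma-separated list of restricted package prefixes.
    static final String RESTRICTED = "sun.,com.example.internal.";

    // A package is restricted if it starts with, or equals, a listed prefix.
    static boolean isRestricted(String pkg) {
        for (String prefix : RESTRICTED.split(",")) {
            if (pkg.startsWith(prefix) || prefix.equals(pkg + ".")) return true;
        }
        return false;
    }

    // Models code whose permissions are fixed to exactly the ones passed in.
    static AccessControlContext codeWith(Permission... granted) {
        Permissions perms = new Permissions();
        for (Permission p : granted) perms.add(p);
        ProtectionDomain pd = new ProtectionDomain(null, perms); // static grants only
        return new AccessControlContext(new ProtectionDomain[] { pd });
    }

    // Restricted packages require RuntimePermission "accessClassInPackage.<pkg>".
    static boolean mayAccess(AccessControlContext code, String pkg) {
        if (!isRestricted(pkg)) return true;
        try {
            code.checkPermission(new RuntimePermission("accessClassInPackage." + pkg));
            return true;
        } catch (AccessControlException denied) {
            return false;
        }
    }

    public static void main(String[] args) {
        AccessControlContext untrusted = codeWith();
        AccessControlContext scoped = codeWith(new RuntimePermission("accessClassInPackage.sun.misc"));
        AccessControlContext broad = codeWith(new RuntimePermission("accessClassInPackage.*"));
        for (String pkg : new String[] { "java.util", "sun.misc", "com.example.internal.keys" }) {
            System.out.printf("%-26s untrusted=%b scoped=%b broad=%b%n", pkg,
                mayAccess(untrusted, pkg), mayAccess(scoped, pkg), mayAccess(broad, pkg));
        }
    }
}
```

The scoped grant opens only sun.misc, while the wildcard grant opens every restricted package, so policy files should name the exact packages less-privileged code needs.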
...