Set default hidden API policy to dark+black When invoking dex2oat, only a boolean flag is used to enabled/disable hidden API checks, instead of a 2-bit value passed down to zygote. When the flag is true, use dark+black lists as the enforcement policy. This is conservative, as compiling with both lists enforced may lead to more classes being re-verified at runtime, but correctness is preserved. Bug: 64382372 Bug: 79738462 Test: N/A Merged-In: If15723ad40b99c5475f10561b5b3a669a8fb01c7 Change-Id: If15723ad40b99c5475f10561b5b3a669a8fb01c7 (cherry picked from commit 46226f02fdfe50e1d49ffd77d3e99598ff79d9b9)

commit: b73114e9ecd7a65df4abf648184dab8608f38e1d [log] [tgz]
author: David Brazdil <dbrazdil@google.com> Mon May 14 15:34:32 2018 +0100
committer: David Brazdil <dbrazdil@google.com> Tue May 15 14:23:36 2018 +0000
tree: 8c8c5b5cd6511f20b0308b81b9024ef696cf4a38
parent: 4fe044c8c0e5744ac5b62594d88cbc464472bc74 [diff]
diff --git a/runtime/runtime.cc b/runtime/runtime.cc
index 4062d17..7696729 100644
--- a/runtime/runtime.cc
+++ b/runtime/runtime.cc

@@ -1216,7 +1216,7 @@
   // As is, we're encoding some logic here about which specific policy to use, which would be better
   // controlled by the framework.
   hidden_api_policy_ = do_hidden_api_checks
-      ? hiddenapi::EnforcementPolicy::kBlacklistOnly
+      ? hiddenapi::EnforcementPolicy::kDarkGreyAndBlackList
       : hiddenapi::EnforcementPolicy::kNoChecks;
 
   no_sig_chain_ = runtime_options.Exists(Opt::NoSigChain);
commit	b73114e9ecd7a65df4abf648184dab8608f38e1d	[log] [tgz]
author	David Brazdil <dbrazdil@google.com>	Mon May 14 15:34:32 2018 +0100
committer	David Brazdil <dbrazdil@google.com>	Tue May 15 14:23:36 2018 +0000
tree	8c8c5b5cd6511f20b0308b81b9024ef696cf4a38
parent	4fe044c8c0e5744ac5b62594d88cbc464472bc74 [diff]