Set default hidden API policy to dark+black When invoking dex2oat, only a boolean flag is used to enabled/disable hidden API checks, instead of a 2-bit value passed down to zygote. When the flag is true, use dark+black lists as the enforcement policy. This is conservative, as compiling with both lists enforced may lead to more classes being re-verified at runtime, but correctness is preserved. Bug: 64382372 Test: N/A Change-Id: If15723ad40b99c5475f10561b5b3a669a8fb01c7

commit: 46226f02fdfe50e1d49ffd77d3e99598ff79d9b9 [log] [tgz]
author: David Brazdil <dbrazdil@google.com> Mon May 14 15:34:32 2018 +0100
committer: David Brazdil <dbrazdil@google.com> Mon May 14 15:34:32 2018 +0100
tree: 06a933c38e710a9ce96d9a26688786c76abf1c6e
parent: 32bde99142c5e59b8cad572d9a7b5a81ee12cd00 [diff]
diff --git a/runtime/runtime.cc b/runtime/runtime.cc
index b8775b8..4142cb0 100644
--- a/runtime/runtime.cc
+++ b/runtime/runtime.cc

@@ -1198,7 +1198,7 @@
   // As is, we're encoding some logic here about which specific policy to use, which would be better
   // controlled by the framework.
   hidden_api_policy_ = do_hidden_api_checks
-      ? hiddenapi::EnforcementPolicy::kBlacklistOnly
+      ? hiddenapi::EnforcementPolicy::kDarkGreyAndBlackList
       : hiddenapi::EnforcementPolicy::kNoChecks;
 
   no_sig_chain_ = runtime_options.Exists(Opt::NoSigChain);
commit	46226f02fdfe50e1d49ffd77d3e99598ff79d9b9	[log] [tgz]
author	David Brazdil <dbrazdil@google.com>	Mon May 14 15:34:32 2018 +0100
committer	David Brazdil <dbrazdil@google.com>	Mon May 14 15:34:32 2018 +0100
tree	06a933c38e710a9ce96d9a26688786c76abf1c6e
parent	32bde99142c5e59b8cad572d9a7b5a81ee12cd00 [diff]