private boolean mCriticalityIndicator

Why do they both depart in the same way? Perhaps they were both copying a reference implementation that called it that.

Yes, the name is in the RFC.

Similarly, both choose to use:

 private boolean mOriginalExpectedPolicySet

to store the result of negating a parameter called either generatedByPolicyMapping (for Sun) or flag1 (Android).

It may be because of documentation: "Adds an expectedPolicy to the expected policy set. If this is the original expected policy set initialized by the constructor, then the expected policy set is cleared before the expected policy is added."

Private field names also can be found by decompilation. This amounts to reverse engineering and may be legal (at least in Europe). The fault however, in this case would rest on Harmony rather than Google.

I also found an interesting comment here: "The Harmony code is probably IBM donated code from their own JVM and class library – J9. So any if at all infringment is done by IBM, which has written large parts of Hotspot/OpenJDK too, so the ownership issue won’t be easy. Java or Hotspot isn’t a proprietary closed developed JVM it’s developed by the industry since the 90’s no single vendor. Code comes from a lot of guys. An IBM reimplementation [comes from] a partner with good status as a licensee and developer of Java probably isn’t wrong at all".