Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007)
Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine
Miami Beach, Florida, USA
December 10-December 14
ISBN: 0-7695-3060-5
We have implemented an information flow framework for the Java Virtual Machine that combines static and dynamic techniques to capture not only explicit flows, but also implicit ones resulting from control flow. Unlike other approaches that freeze policies at time of compilation, our system truly separates policy and enforcement mechanism and thereby permits policy changes even while a program is running. Ahead of execution, we run a static analysis that annotates an executable with information-flow information. During execution, we then use the annotations to safely update the labels of variables that lie in alternative paths of execution while enforcing the policy currently in place. Our framework doesn't require access to source code and is fully backward-compatible with existing Java class files. Preliminary benchmark results suggest that the run-time overhead of information flow techniques such as ours is well within acceptable range for many application domains.
Citation:
Deepak Chandra, Michael Franz, "Fine-Grained Information Flow Analysis and Enforcement in a Java Virtual Machine," acsac, pp.463-475, Twenty-Third Annual Computer Security Applications Conference (ACSAC 2007), 2007