[luckylion]

I believe the blocking is done on a domain/host level, so you'd block google.com in that case. That's likely not required, because google.com is generally thought to be okay, but you are correct that even that may be problematic. If your IP has searched for "$governmentBuilding blueprints" and there's a bomb planted at that building a week later, you could become a person of interest (provided that Google saves the ip for queries).

Blocking *.onion on the other hand wouldn't be necessary from a "legal protection" standpoint: hidden services don't see the original IP of the client.

[swinglock]

Google knows IPs are shared and track on L7, they know Tor, NAT, CGNAT. So I'd wager if you share access to Google via Tor you'd get issues with Google quite quickly if not logged in and easily L7 traceable, in form of captchas and blocks everywhere.