Make ActiveTabPermissionManager also grant the tabs permission.

chrome/renderer/extensions/extension_dispatcher.cc

Index: chrome/renderer/extensions/extension_dispatcher.cc
diff --git a/chrome/renderer/extensions/extension_dispatcher.cc b/chrome/renderer/extensions/extension_dispatcher.cc
index 362517c656f90ffc4c98db22fdb38303407d5e82..83cd913746ccadaeb1645248383accaffef2a4da 100644
--- a/chrome/renderer/extensions/extension_dispatcher.cc
+++ b/chrome/renderer/extensions/extension_dispatcher.cc
@@ -77,6 +77,7 @@ using WebKit::WebView;
 using content::RenderThread;
 using content::RenderView;
 using extensions::APIPermission;
+using extensions::APIPermissionSet;
 using extensions::ApiDefinitionsNatives;
 using extensions::AppWindowCustomBindings;
 using extensions::ContextMenusCustomBindings;
@@ -936,7 +937,9 @@ void ExtensionDispatcher::OnUpdateTabSpecificPermissions(
   if (!extension)
     return;
 
-  extension->SetTabSpecificHostPermissions(tab_id, origin_set);
+  extension->UpdateTabSpecificPermissions(
+      tab_id,
+      new PermissionSet(APIPermissionSet(), origin_set, URLPatternSet()));
 }
 
 void ExtensionDispatcher::OnClearTabSpecificPermissions(
@@ -946,7 +949,7 @@ void ExtensionDispatcher::OnClearTabSpecificPermissions(
        it != extension_ids.end(); ++it) {
     const Extension* extension = extensions_.GetByID(*it);
     if (extension)
-      extension->ClearTabSpecificHostPermissions(tab_id);
+      extension->ClearTabSpecificPermissions(tab_id);
   }
 }
 
@@ -1055,7 +1058,20 @@ bool ExtensionDispatcher::CheckCurrentContextAccessToExtensionAPI(
     return false;
   }
 
-  if (!context->extension() ||
+  if (!context->extension()) {
+    v8::ThrowException(
+        v8::Exception::Error(v8::String::New("Not in an extension.")));
+    return false;
+  }
+
+  // Whitelist tabs.executeScript and tabs.insertCSS since they might be
+  // controlled by activeTab. The browser will do the relevant access checks.
+  // We either do this or propagate all tab IDs to renderers with extensions
+  // that have activeTab.
+  bool skip_permission_check = (function_name == "tabs.executeScript") ||

[Aaron Boodman, 2012/07/31 14:53:43]

Wait, then why are we sending the active tab permissions into the renderers in
the first place?

[not at google - send to devlin, 2012/07/31 15:09:05]

The renderer does a check in UserScriptScheduler against the host permissions,
as the last thing that checks permissions before injecting the script (the
browser also does, but acknowledges race conditions with the page changing in
the 

That involves sending the active tab permissions to the renderer that has the
permissions (nothing is sent to the background page).

But for this to work (avoiding whitelisting these functions), we'd need to send
the active tab stuff for every renderer to the background page. Come to think of
it, that's not so unreasonable. More IPC code but whatever.

[not at google - send to devlin, 2012/08/01 13:57:04]

I remember again why I did this. Oops. Comment updated.

+                               (function_name == "tabs.insertCSS");
+
+  if (!skip_permission_check &&
       !context->extension()->HasAPIPermission(function_name)) {
     static const char kMessage[] =
         "You do not have permission to use '%s'. Be sure to declare"