Introduced the URLBlacklistManager, and wired it to various places.

chrome/browser/net/chrome_network_delegate.cc

Index: chrome/browser/net/chrome_network_delegate.cc
diff --git a/chrome/browser/net/chrome_network_delegate.cc b/chrome/browser/net/chrome_network_delegate.cc
index 41cedf3124f7bb0a00bdfb92fd451a2737bb8d83..e51d3a31e4f434528b6a5299ac0436d30397c9c4 100644
--- a/chrome/browser/net/chrome_network_delegate.cc
+++ b/chrome/browser/net/chrome_network_delegate.cc
@@ -10,6 +10,7 @@
 #include "chrome/browser/extensions/extension_info_map.h"
 #include "chrome/browser/extensions/extension_proxy_api.h"
 #include "chrome/browser/extensions/extension_webrequest_api.h"
+#include "chrome/browser/policy/host_blacklist_manager.h"
 #include "chrome/browser/prefs/pref_member.h"
 #include "chrome/browser/task_manager/task_manager.h"
 #include "chrome/common/pref_names.h"
@@ -43,11 +44,13 @@ void ForwardProxyErrors(net::URLRequest* request,
 ChromeNetworkDelegate::ChromeNetworkDelegate(
     ExtensionEventRouterForwarder* event_router,
     ExtensionInfoMap* extension_info_map,
+    policy::HostBlacklistManager* host_blacklist_manager,
     void* profile,
     BooleanPrefMember* enable_referrers)
     : event_router_(event_router),
       profile_(profile),
       extension_info_map_(extension_info_map),
+      host_blacklist_manager_(host_blacklist_manager),
       enable_referrers_(enable_referrers) {
   DCHECK(event_router);
   DCHECK(enable_referrers);
@@ -68,6 +71,13 @@ int ChromeNetworkDelegate::OnBeforeURLRequest(
     net::URLRequest* request,
     net::CompletionCallback* callback,
     GURL* new_url) {
+  if (host_blacklist_manager_.get() &&
+      host_blacklist_manager_->ShouldBlockRequest(request->url())) {
+    // URL access blocked by policy.
+    // TODO(joaodasilva): this error code isn't quite correct

[willchan no longer on Chromium, 2011/08/26 11:40:21]

This error code is wrong. Maybe ERR_ACCESS_DENIED would be better. Also, does
this break the WebRequest API? What's the right way to let the WebRequest API
know that it's getting denied? I suggest you talk to mpcomplete/battre.

[Joao da Silva, 2011/08/29 11:24:25]

This error was chosen because it's the same that is used by the WebRequest API
when an extension cancels a request. I thought of adding a net error code like
ERR_BLOCKED_BY_POLICY, but that can be considered a layering violation.

There's both ACCESS_DENIED (documented as "Permission to access a resource,
other than the network, was denied."), and NETWORK_ACCESS_DENIED ("Permission to
access the network was denied. This is used to distinguish errors that were most
likely caused by a firewall from other access denied errors.").
NETWORK_ACCESS_DENIED seems more appropriate in this case, WDYT?

I've pinged mpcomplete and battre on the issue too.

[willchan no longer on Chromium, 2011/09/01 00:49:33]

I think the correct way to handle this is to use ERR_NETWORK_ACCESS_DENIED and
log the more specific reason to the NetLog.
This is quite important, so please talk to them and report back.

+    return net::ERR_EMPTY_RESPONSE;
+  }
+
   if (!enable_referrers_->GetValue())
     request->set_referrer(std::string());
   return ExtensionWebRequestEventRouter::GetInstance()->OnBeforeRequest(