Reorder permission message rules, so that related rules appear together

chrome/common/extensions/permissions/chrome_permission_message_rules.cc

Index: chrome/common/extensions/permissions/chrome_permission_message_rules.cc
diff --git a/chrome/common/extensions/permissions/chrome_permission_message_rules.cc b/chrome/common/extensions/permissions/chrome_permission_message_rules.cc
index 3ccd4707c5beacb504ad394a196a28192070a332..61a0e56a78b49730455cef02ffb92cc98ff57669 100644
--- a/chrome/common/extensions/permissions/chrome_permission_message_rules.cc
+++ b/chrome/common/extensions/permissions/chrome_permission_message_rules.cc
@@ -384,38 +384,42 @@ ChromePermissionMessageRule::GetAllRules() {
   // enough that rules like this should not occur; the visibility of the rules
   // system should allow us to design a system that is simple enough to explain
   // yet powerful enough to encapsulate all the messages we want to display.
-  //
-  // TODO(sashab): Once existing message sites are deprecated, reorder this list
-  // to better describe the rules generated, rather than the callsites they are
-  // migrated from.
   ChromePermissionMessageRule rules_arr[] = {
-      // Full url access permission messages.
+      // Full access permission messages.
       {IDS_EXTENSION_PROMPT_WARNING_DEBUGGER, {APIPermission::kDebugger}, {}},
       {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
        {APIPermission::kPlugin},
+       // TODO(treib): Add the other IDs implied by kFullAccess/kHostsAll.
        {APIPermission::kFullAccess, APIPermission::kHostsAll,
         APIPermission::kHostsAllReadOnly, APIPermission::kDeclarativeWebRequest,
         APIPermission::kTopSites, APIPermission::kTab}},
       {IDS_EXTENSION_PROMPT_WARNING_FULL_ACCESS,
        {APIPermission::kFullAccess},
+       // TODO(treib): Add the other IDs implied by kHostsAll.
        {APIPermission::kHostsAll, APIPermission::kHostsAllReadOnly,
         APIPermission::kDeclarativeWebRequest, APIPermission::kTopSites,
         APIPermission::kTab}},
 
-      // Parameterized permission messages:
-      // Messages generated by the sockets permission.
-      {new SpaceSeparatedListFormatter(
-           IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAIN,
-           IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAINS),
-       {APIPermission::kSocketDomainHosts},
-       {}},
-      {new SpaceSeparatedListFormatter(
-           IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOST,
-           IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOSTS),
-       {APIPermission::kSocketSpecificHosts},
-       {}},
+      // Hosts permission messages.
+      // Full host access already allows DeclarativeWebRequest, reading the list
+      // of most frequently visited sites, and tab access.
+      // The warning message for declarativeWebRequest permissions speaks about
+      // blocking parts of pages, which is a subset of what the "<all_urls>"
+      // access allows. Therefore we display only the "<all_urls>" warning
+      // message if both permissions are required.
+      {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS,
+       {APIPermission::kHostsAll},
+       // TODO(treib): Add kHostReadWrite and kHostReadOnly.
+       {APIPermission::kDeclarativeWebRequest, APIPermission::kFavicon,
+        APIPermission::kHostsAllReadOnly, APIPermission::kProcesses,
+        APIPermission::kTab, APIPermission::kTopSites,
+        APIPermission::kWebNavigation}},
+      {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS_READ_ONLY,
+       {APIPermission::kHostsAllReadOnly},
+       // TODO(treib): Add kHostReadOnly.
+       {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
+        APIPermission::kTopSites, APIPermission::kWebNavigation}},
 
-      // Messages generated by host permissions.
       {new CommaSeparatedListFormatter(
            IDS_EXTENSION_PROMPT_WARNING_1_HOST_READ_ONLY,
            IDS_EXTENSION_PROMPT_WARNING_2_HOSTS_READ_ONLY,
@@ -430,6 +434,55 @@ ChromePermissionMessageRule::GetAllRules() {
        {APIPermission::kHostReadWrite},
        {}},
 
+      // History-related permission messages.
+      // History already allows reading favicons, tab access and accessing the
+      // list of most frequently visited sites.
+      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE_AND_SESSIONS,
+       {APIPermission::kSessions, APIPermission::kHistory},
+       {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
+        APIPermission::kTopSites, APIPermission::kWebNavigation}},
+      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ_AND_SESSIONS,
+       {APIPermission::kSessions, APIPermission::kTab},
+       {APIPermission::kFavicon, APIPermission::kProcesses,
+        APIPermission::kTopSites, APIPermission::kWebNavigation}},
+      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
+       {APIPermission::kHistory},
+       {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
+        APIPermission::kTopSites, APIPermission::kWebNavigation}},
+      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
+       {APIPermission::kTab},
+       {APIPermission::kFavicon, APIPermission::kProcesses,
+        APIPermission::kTopSites, APIPermission::kWebNavigation}},
+      // TODO(treib): Should we have _AND_SESSIONS versions of these 2 as well?

[Devlin, 2015/09/01 15:55:24]

I looked a bit more into it, and I think I understand why this is the case.  The
sessions api includes the ability to query for tabs that were from a session on
a previous device, but those tabs will only be generated with the url if the
extension has the tabs permission.  Having permissions like processes and
navigation doesn't help with that.  So I think this is actually okay.  (That
said, a 1-2 line comment explaining that might be worthwhile so we don't scratch
our heads about this in a month. :))

[Marc Treib, 2015/09/01 15:59:50]

Ah, good to know! Thanks for investigating!
I already sent you a followup CL that adds these AND_SESSIONS rules; I'll update
it to remove them again and instead add that comment.

+      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
+       {APIPermission::kProcesses},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
+       {APIPermission::kWebNavigation},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_FAVICON, {APIPermission::kFavicon}, {}},
+      {IDS_EXTENSION_PROMPT_WARNING_TOPSITES, {APIPermission::kTopSites}, {}},
+      {IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
+       {APIPermission::kDeclarativeWebRequest},
+       {}},
+
+      // Messages generated by the sockets permission.
+      {IDS_EXTENSION_PROMPT_WARNING_SOCKET_ANY_HOST,
+       {APIPermission::kSocketAnyHost},
+       // TODO(treib): Add kSocketDomainHosts and kSocketSpecificHosts.
+       {}},
+      {new SpaceSeparatedListFormatter(
+           IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAIN,
+           IDS_EXTENSION_PROMPT_WARNING_SOCKET_HOSTS_IN_DOMAINS),
+       {APIPermission::kSocketDomainHosts},
+       {}},
+      {new SpaceSeparatedListFormatter(
+           IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOST,
+           IDS_EXTENSION_PROMPT_WARNING_SOCKET_SPECIFIC_HOSTS),
+       {APIPermission::kSocketSpecificHosts},
+       {}},
+
+      // Devices-related messages.
       // USB Device Permission rules. Think of these three rules as a single one
       // that applies when any of the three kUsb* IDs is there, and pulls them
       // all into a single formatter.
@@ -441,20 +494,37 @@ ChromePermissionMessageRule::GetAllRules() {
        {APIPermission::kUsbDeviceUnknownProduct},
        {APIPermission::kUsbDeviceUnknownVendor}},
       {new USBDevicesFormatter, {APIPermission::kUsbDeviceUnknownVendor}, {}},
-
-      // Coalesced message rules taken from
-      // ChromePermissionMessageProvider::GetWarningMessages():
-
       // Access to users' devices should provide a single warning message
       // specifying the transport method used; serial and/or Bluetooth.
       {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_SERIAL,
        {APIPermission::kBluetooth, APIPermission::kSerial},
        {APIPermission::kBluetoothDevices}},
+      {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH,
+       {APIPermission::kBluetooth},
+       {APIPermission::kBluetoothDevices}},
+      {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_DEVICES,
+       {APIPermission::kBluetoothDevices},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE,
+       {APIPermission::kBluetoothPrivate},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_SERIAL, {APIPermission::kSerial}, {}},
+      // Universal 2nd Factor devices.
+      {IDS_EXTENSION_PROMPT_WARNING_U2F_DEVICES,
+       {APIPermission::kU2fDevices},
+       {}},
 
+      // Accessibility features.
       {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ_MODIFY,
        {APIPermission::kAccessibilityFeaturesModify,
         APIPermission::kAccessibilityFeaturesRead},
        {}},
+      {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
+       {APIPermission::kAccessibilityFeaturesModify},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
+       {APIPermission::kAccessibilityFeaturesRead},
+       {}},
 
       // TODO(sashab): Add the missing combinations of media galleries
       // permissions so a valid permission is generated for all combinations.
@@ -475,63 +545,59 @@ ChromePermissionMessageRule::GetAllRules() {
        {APIPermission::kMediaGalleriesAllGalleriesRead},
        {}},
 
-      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE_AND_SESSIONS,
-       {APIPermission::kSessions, APIPermission::kHistory},
-       {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
-        APIPermission::kTopSites, APIPermission::kWebNavigation}},
-      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ_AND_SESSIONS,
-       {APIPermission::kSessions, APIPermission::kTab},
-       {APIPermission::kFavicon, APIPermission::kProcesses,
-        APIPermission::kTopSites, APIPermission::kWebNavigation}},
-
-      // Suppression list taken from
-      // ChromePermissionMessageProvider::GetPermissionMessages():
-      // Some warnings are more generic and/or powerful and supercede other
-      // warnings. In that case, the first message suppresses the second one.
-      {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH,
-       {APIPermission::kBluetooth},
-       {APIPermission::kBluetoothDevices}},
-      {IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
-       {APIPermission::kBookmark},
-       {APIPermission::kOverrideBookmarksUI}},
-      // History already allows reading favicons, tab access and accessing the
-      // list of most frequently visited sites.
-      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_WRITE,
-       {APIPermission::kHistory},
-       {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
-        APIPermission::kTopSites, APIPermission::kWebNavigation}},
+      // The permission string for "fileSystem" is only shown when
+      // "write" or "directory" is present. Read-only access is only
+      // granted after the user has been shown a file or directory
+      // chooser dialog and selected a file or directory. Selecting
+      // the file or directory is considered consent to read it.
       {IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_WRITE_DIRECTORY,
        {APIPermission::kFileSystemWrite, APIPermission::kFileSystemDirectory},
        {}},
-      // Full access already allows DeclarativeWebRequest, reading the list of
-      // most frequently visited sites, and tab access.
-      // The warning message for declarativeWebRequest
-      // permissions speaks about blocking parts of pages, which is a
-      // subset of what the "<all_urls>" access allows. Therefore we
-      // display only the "<all_urls>" warning message if both permissions
-      // are required.
-      {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS,
-       {APIPermission::kHostsAll},
-       {APIPermission::kDeclarativeWebRequest, APIPermission::kFavicon,
-        APIPermission::kHostsAllReadOnly, APIPermission::kProcesses,
-        APIPermission::kTab, APIPermission::kTopSites,
-        APIPermission::kWebNavigation}},
-      // AutomationManifestPermission:
-      {IDS_EXTENSION_PROMPT_WARNING_ALL_HOSTS_READ_ONLY,
-       {APIPermission::kHostsAllReadOnly},
-       {APIPermission::kFavicon, APIPermission::kProcesses, APIPermission::kTab,
-        APIPermission::kTopSites, APIPermission::kWebNavigation}},
-      // Tabs already allows reading favicons and reading the list of most
-      // frequently visited sites.
-      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
-       {APIPermission::kTab},
-       {APIPermission::kFavicon, APIPermission::kProcesses,
-        APIPermission::kTopSites, APIPermission::kWebNavigation}},
+      {IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
+       {APIPermission::kFileSystemDirectory},
+       {}},
 
-      // Individual message rules taken from
-      // ChromeAPIPermissions::GetAllPermissions():
-      // Permission messages for all extension types:
+      // Video and audio capture.
+      {IDS_EXTENSION_PROMPT_WARNING_AUDIO_AND_VIDEO_CAPTURE,
+       {APIPermission::kAudioCapture, APIPermission::kVideoCapture},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
+       {APIPermission::kAudioCapture},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
+       {APIPermission::kVideoCapture},
+       {}},
+
+      // Network-related permissions.
+      {IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
+       {APIPermission::kNetworkingPrivate},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_NETWORKING_CONFIG,
+       {APIPermission::kNetworkingConfig},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_NETWORK_STATE,
+       {APIPermission::kNetworkState},
+       {}},
+      {IDS_EXTENSION_PROMPT_WARNING_VPN, {APIPermission::kVpnProvider}, {}},
+      {IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
+       {APIPermission::kWebConnectable},
+       {}},
+      {new SingleParameterFormatter(
+           IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE),
+       {APIPermission::kHomepage},
+       {}},
+      {new SingleParameterFormatter(
+           IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE),
+       {APIPermission::kSearchProvider},
+       {}},
+      {new SingleParameterFormatter(
+           IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE),
+       {APIPermission::kStartupPages},
+       {}},
 
+      {IDS_EXTENSION_PROMPT_WARNING_BOOKMARKS,
+       {APIPermission::kBookmark},
+       {APIPermission::kOverrideBookmarksUI}},
       {IDS_EXTENSION_PROMPT_WARNING_CLIPBOARD,
        {APIPermission::kClipboardRead},
        {}},
@@ -548,14 +614,10 @@ ChromePermissionMessageRule::GetAllRules() {
       {IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
        {APIPermission::kGeolocation},
        {}},
-
-      // Permission messages for extensions:
-      {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_MODIFY,
-       {APIPermission::kAccessibilityFeaturesModify},
-       {}},
-      {IDS_EXTENSION_PROMPT_WARNING_ACCESSIBILITY_FEATURES_READ,
-       {APIPermission::kAccessibilityFeaturesRead},
+      {IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
+       {APIPermission::kLocation},
        {}},
+
       {IDS_EXTENSION_PROMPT_WARNING_CONTENT_SETTINGS,
        {APIPermission::kContentSettings},
        {}},
@@ -565,10 +627,10 @@ ChromePermissionMessageRule::GetAllRules() {
       {IDS_EXTENSION_PROMPT_WARNING_DOCUMENT_SCAN,
        {APIPermission::kDocumentScan},
        {}},
+      {IDS_EXTENSION_PROMPT_WARNING_INTERCEPT_ALL_KEYS,
+       {APIPermission::kInterceptAllKeys},
+       {}},  // TODO(treib): This should probably suppress kInput.
       {IDS_EXTENSION_PROMPT_WARNING_INPUT, {APIPermission::kInput}, {}},
-      {IDS_EXTENSION_PROMPT_WARNING_GEOLOCATION,
-       {APIPermission::kLocation},
-       {}},
       {IDS_EXTENSION_PROMPT_WARNING_MANAGEMENT,
        {APIPermission::kManagement},
        {}},
@@ -577,28 +639,20 @@ ChromePermissionMessageRule::GetAllRules() {
        {APIPermission::kNativeMessaging},
        {}},
       {IDS_EXTENSION_PROMPT_WARNING_PRIVACY, {APIPermission::kPrivacy}, {}},
-      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
-       {APIPermission::kProcesses},
-       {}},
       {IDS_EXTENSION_PROMPT_WARNING_SIGNED_IN_DEVICES,
        {APIPermission::kSignedInDevices},
        {}},
       {IDS_EXTENSION_PROMPT_WARNING_SYNCFILESYSTEM,
        {APIPermission::kSyncFileSystem},
        {}},
-      {IDS_EXTENSION_PROMPT_WARNING_TOPSITES, {APIPermission::kTopSites}, {}},
       {IDS_EXTENSION_PROMPT_WARNING_TTS_ENGINE,
        {APIPermission::kTtsEngine},
        {}},
       {IDS_EXTENSION_PROMPT_WARNING_WALLPAPER, {APIPermission::kWallpaper}, {}},
-      {IDS_EXTENSION_PROMPT_WARNING_HISTORY_READ,
-       {APIPermission::kWebNavigation},
-       {}},
       {IDS_EXTENSION_PROMPT_WARNING_PLATFORMKEYS,
        {APIPermission::kPlatformKeys},
        {}},
 
-      // Permission messages for private permissions:
       {IDS_EXTENSION_PROMPT_WARNING_SCREENLOCK_PRIVATE,
        {APIPermission::kScreenlockPrivate},
        {}},
@@ -608,9 +662,6 @@ ChromePermissionMessageRule::GetAllRules() {
       {IDS_EXTENSION_PROMPT_WARNING_EXPERIENCE_SAMPLING_PRIVATE,
        {APIPermission::kExperienceSamplingPrivate},
        {}},
-      {IDS_EXTENSION_PROMPT_WARNING_NETWORKING_PRIVATE,
-       {APIPermission::kNetworkingPrivate},
-       {}},
       {IDS_EXTENSION_PROMPT_WARNING_MUSIC_MANAGER_PRIVATE,
        {APIPermission::kMusicManagerPrivate},
        {}},
@@ -629,95 +680,6 @@ ChromePermissionMessageRule::GetAllRules() {
       {IDS_EXTENSION_PROMPT_WARNING_USERS_PRIVATE,
        {APIPermission::kUsersPrivate},
        {}},
-
-      // Platform-app permission messages.
-
-      // The permission string for "fileSystem" is only shown when
-      // "write" or "directory" is present. Read-only access is only
-      // granted after the user has been shown a file or directory
-      // chooser dialog and selected a file or directory. Selecting
-      // the file or directory is considered consent to read it.
-      {IDS_EXTENSION_PROMPT_WARNING_FILE_SYSTEM_DIRECTORY,
-       {APIPermission::kFileSystemDirectory},
-       {}},
-
-      // Because warning messages for the "mediaGalleries" permission
-      // vary based on the permissions parameters, no message ID or
-      // message text is specified here.  The message ID and text used
-      // will be determined at run-time in the
-      // |MediaGalleriesPermission| class.
-
-      {IDS_EXTENSION_PROMPT_WARNING_INTERCEPT_ALL_KEYS,
-       {APIPermission::kInterceptAllKeys},
-       {}},
-
-      {IDS_EXTENSION_PROMPT_WARNING_AUDIO_AND_VIDEO_CAPTURE,
-       {APIPermission::kAudioCapture, APIPermission::kVideoCapture},
-       {}},
-
-      // Individual message rules taken from
-      // ExtensionsAPIPermissions::GetAllPermissions():
-      {IDS_EXTENSION_PROMPT_WARNING_AUDIO_CAPTURE,
-       {APIPermission::kAudioCapture},
-       {}},
-      {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_PRIVATE,
-       {APIPermission::kBluetoothPrivate},
-       {}},
-      {IDS_EXTENSION_PROMPT_WARNING_DECLARATIVE_WEB_REQUEST,
-       {APIPermission::kDeclarativeWebRequest},
-       {}},
-      {IDS_EXTENSION_PROMPT_WARNING_SERIAL, {APIPermission::kSerial}, {}},
-      {IDS_EXTENSION_PROMPT_WARNING_NETWORKING_CONFIG,
-       {APIPermission::kNetworkingConfig},
-       {}},
-
-      // Because warning messages for the "socket" permission vary based
-      // on the permissions parameters, no message ID or message text is
-      // specified here.  The message ID and text used will be
-      // determined at run-time in the |SocketPermission| class.
-      {IDS_EXTENSION_PROMPT_WARNING_U2F_DEVICES,
-       {APIPermission::kU2fDevices},
-       {}},
-      {IDS_EXTENSION_PROMPT_WARNING_VIDEO_CAPTURE,
-       {APIPermission::kVideoCapture},
-       {}},
-      {IDS_EXTENSION_PROMPT_WARNING_VPN, {APIPermission::kVpnProvider}, {}},
-      {IDS_EXTENSION_PROMPT_WARNING_WEB_CONNECTABLE,
-       {APIPermission::kWebConnectable},
-       {}},
-
-      // Rules from ManifestPermissions:
-      // BluetoothManifestPermission:
-      {IDS_EXTENSION_PROMPT_WARNING_BLUETOOTH_DEVICES,
-       {APIPermission::kBluetoothDevices},
-       {}},
-
-      // SocketsManifestPermission:
-      {IDS_EXTENSION_PROMPT_WARNING_SOCKET_ANY_HOST,
-       {APIPermission::kSocketAnyHost},
-       {}},
-      {IDS_EXTENSION_PROMPT_WARNING_NETWORK_STATE,
-       {APIPermission::kNetworkState},
-       {}},
-
-      // API permission rules:
-      // SettingsOverrideAPIPermission:
-      {new SingleParameterFormatter(
-           IDS_EXTENSION_PROMPT_WARNING_HOME_PAGE_SETTING_OVERRIDE),
-       {APIPermission::kHomepage},
-       {}},
-      {new SingleParameterFormatter(
-           IDS_EXTENSION_PROMPT_WARNING_SEARCH_SETTINGS_OVERRIDE),
-       {APIPermission::kSearchProvider},
-       {}},
-      {new SingleParameterFormatter(
-           IDS_EXTENSION_PROMPT_WARNING_START_PAGE_SETTING_OVERRIDE),
-       {APIPermission::kStartupPages},
-       {}},
-
-      // Other rules:
-      // From ChromeExtensionsClient::FilterHostPermissions():
-      {IDS_EXTENSION_PROMPT_WARNING_FAVICON, {APIPermission::kFavicon}, {}},
   };
 
   return std::vector<ChromePermissionMessageRule>(