Add a "guard" content settings type for chooser permissions.

chrome/browser/permissions/chooser_context_base.h

Index: chrome/browser/permissions/chooser_context_base.h
diff --git a/chrome/browser/permissions/chooser_context_base.h b/chrome/browser/permissions/chooser_context_base.h
index 8cf1e614975324a5c4477b11479c741b762f1f41..d7f231d435acd6f48508de24c0bc599b5553920f 100644
--- a/chrome/browser/permissions/chooser_context_base.h
+++ b/chrome/browser/permissions/chooser_context_base.h
@@ -27,9 +27,17 @@ class Profile;
 class ChooserContextBase : public KeyedService {
  public:
   ChooserContextBase(Profile* profile,
+                     ContentSettingsType guard_content_settings_type,
                      ContentSettingsType data_content_settings_type);
   ~ChooserContextBase() override;
 
+  // Checks whether |requesting_origin| can request permission to access objects
+  // when embedded within |embedding_origin|. This is done by checking
+  // |guard_content_settings_type_| which will usually be allowed by default but
+  // could be overridden by group policy.
+  bool CanRequestObjectPermission(const GURL& requesting_origin,
+                                  const GURL& embedding_origin);
+
   // Returns the list of objects that |requesting_origin| has been granted
   // permission to access when embedded within |embedding_origin|.
   ScopedVector<base::DictionaryValue> GetGrantedObjects(
@@ -61,6 +69,7 @@ class ChooserContextBase : public KeyedService {
                          scoped_ptr<base::Value> value);
 
   HostContentSettingsMap* const host_content_settings_map_;
+  const ContentSettingsType guard_content_settings_type_;
   const ContentSettingsType data_content_settings_type_;
 };