PS - Adjusting webRequest API for use in Public Sessions

extensions/browser/api/web_request/web_request_permissions.cc

Index: extensions/browser/api/web_request/web_request_permissions.cc
diff --git a/extensions/browser/api/web_request/web_request_permissions.cc b/extensions/browser/api/web_request/web_request_permissions.cc
index c4ac79580cec811af010da24ee14d79d50018e26..a7b3d9a9a815dcf701d0052c1f5049981db57dc8 100644
--- a/extensions/browser/api/web_request/web_request_permissions.cc
+++ b/extensions/browser/api/web_request/web_request_permissions.cc
@@ -6,6 +6,7 @@
 
 #include "base/strings/string_util.h"
 #include "base/strings/stringprintf.h"
+#include "chromeos/login/login_state.h"
 #include "content/public/browser/resource_request_info.h"
 #include "extensions/browser/extension_navigation_ui_data.h"
 #include "extensions/browser/guest_view/web_view/web_view_renderer_state.h"
@@ -125,6 +126,19 @@ PermissionsData::AccessType WebRequestPermissions::CanExtensionAccessURL(
   if (!extension)
     return PermissionsData::ACCESS_DENIED;
 
+  // When we are in a Public Session, allow all URL's for webRequests initiated
+  // by a regular extension.
+#if defined(OS_CHROMEOS)
+  if (chromeos::LoginState::IsInitialized() &&
+      chromeos::LoginState::Get()->IsPublicSessionUser() &&
+      extension->is_extension()) {
+    // Make sure that the extension is truly installed by policy (the assumption
+    // in Public Session is that all extensions are installed by policy).
+    // CHECK(extensions::Manifest::IsPolicyLocation(extension->location()));
+    return PermissionsData::ACCESS_ALLOWED;
+  }
+#endif
+
   // Check if this event crosses incognito boundaries when it shouldn't.
   if (crosses_incognito && !extension_info_map->CanCrossIncognito(extension))
     return PermissionsData::ACCESS_DENIED;