Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/permissions_updater.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__
 #define CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__
 
 #include <memory>
 #include <string>
 
 #include "base/macros.h"
+#include "base/memory/shared_memory.h"
 #include "extensions/browser/extension_event_histogram_value.h"
 
 namespace base {
 class DictionaryValue;
 }
 
 namespace content {
 class BrowserContext;
 }
 
 namespace extensions {
 
 class Extension;
 class ExtensionPrefs;
 class PermissionSet;
+class URLPatternSet;
 
 // Updates an Extension's active and granted permissions in persistent storage
 // and notifies interested parties of the changes.
 class PermissionsUpdater {
  public:
   enum InitFlag {
     INIT_FLAG_NONE = 0,
     INIT_FLAG_TRANSIENT = 1 << 0,
   };
 
@@ skipping 25 matching lines @@
   void RemovePermissions(const Extension* extension,
                          const PermissionSet& permissions,
                          RemoveType remove_type);
 
   // Removes the |permissions| from |extension| and makes no effort to determine
   // if doing so is safe in the slightlest. This method shouldn't be used,
   // except for removing permissions totally blacklisted by management.
   void RemovePermissionsUnsafe(const Extension* extension,
                                const PermissionSet& permissions);
 
+  // Sets list of hosts |extension| may not interact with (overrides default).
+  // This is the individual scope of ExtensionSettings.
+  void SetRuntimeBlockedAllowedHosts(const Extension* extension,

[Devlin, 2017/01/09 23:30:57]

RuntimeBlockedAllowedHosts makes no sense to me :)  Is this blocked hosts? 
Allowed hosts?  Hosts that were allowed and now blocked?  Blocked and now
allowed?  A weird combinative state?

[nrpeter, 2017/01/10 17:48:05]

This function updates the list of hosts to be blocked (runtime_blocked_hosts)
and the list of exceptions (runtime_allowed_hosts). Since they're only ever
updated at the same time I didn't think it made sense to split this into two
functions. I'm happy to change the name, maybe something like
SetRuntimeHostPolicy?

+                                     const URLPatternSet& runtime_blocked_hosts,
+                                     const URLPatternSet& runtime_allowed_hosts,
+                                     bool is_default);
+
+  // Sets list of hosts extensions may not interact with. Extension specific
+  // exceptions to this default policy are defined with
+  // SetRuntimeBlockedAllowedHosts. This is the Deault scope "*" of
+  // ExtensionSettings.
+  void SetDefaultRuntimeBlockedAllowedHosts(
+      const URLPatternSet& default_runtime_blocked_hosts,
+      const URLPatternSet& default_runtime_allowed_hosts);
+
   // Returns the set of revokable permissions.
   std::unique_ptr<const PermissionSet> GetRevokablePermissions(
       const Extension* extension) const;
 
   // Adds all permissions in the |extension|'s active permissions to its
   // granted permission set.
   void GrantActivePermissions(const Extension* extension);
 
   // Initializes the |extension|'s active permission set to include only
   // permissions currently requested by the extension and all the permissions
@@ skipping 22 matching lines @@
 
   // Issues the relevant events, messages and notifications when the
   // |extension|'s permissions have |changed| (|changed| is the delta).
   // Specifically, this sends the EXTENSION_PERMISSIONS_UPDATED notification,
   // the ExtensionMsg_UpdatePermissions IPC message, and fires the
   // onAdded/onRemoved events in the extension.
   void NotifyPermissionsUpdated(EventType event_type,
                                 const Extension* extension,
                                 const PermissionSet& changed);
 
+  // Issues the relevant events, messages and notifications when the
+  // |extension|'s management policy have changed.
+  // Specifically, this sends the EXTENSION_POLICY_UPDATED notification,
+  // the ExtensionMsg_UpdateAllowedAndBlockedHosts IPC message.
+  void NotifyRuntimeBlockedAllowedHostsUpdated(
+      const Extension* extension,
+      const URLPatternSet& runtime_blocked_hosts,
+      const URLPatternSet& runtime_allowed_hosts,
+      bool is_default);
+
+  // Issues the relevant events, messages and notifications when the
+  // |extension|'s management policy have changed.
+  // Specifically, this sends the EXTENSION_POLICY_UPDATED notification,
+  // the ExtensionMsg_UpdateDefaultAllowedAndBlockedHostsPolicy IPC message.
+  void NotifyDefaultRuntimeBlockedAllowedHostsUpdated(
+      const URLPatternSet& default_runtime_blocked_hosts,
+      const URLPatternSet& default_runtime_allowed_hosts);
+
   // The associated BrowserContext.
   content::BrowserContext* browser_context_;
 
   // Initialization flag that determines whether prefs is consulted about the
   // extension. Transient extensions should not have entries in prefs.
   InitFlag init_flag_;
 
   DISALLOW_COPY_AND_ASSIGN(PermissionsUpdater);
 };
 
 }  // namespace extensions
 
 #endif  // CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__