Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/permissions_updater.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__
 #define CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__
 
 #include <memory>
 #include <string>
 
 #include "base/macros.h"
+#include "base/memory/shared_memory.h"

[Devlin, 2017/01/26 22:47:39]

needed?

[nrpeter, 2017/02/03 19:32:24]

Done.

 #include "extensions/browser/extension_event_histogram_value.h"
 
 namespace base {
 class DictionaryValue;
 }
 
 namespace content {
 class BrowserContext;
 }
 
 namespace extensions {
 
 class Extension;
 class ExtensionPrefs;
 class PermissionSet;
+class URLPatternSet;
 
 // Updates an Extension's active and granted permissions in persistent storage
 // and notifies interested parties of the changes.
 class PermissionsUpdater {
  public:
   enum InitFlag {
     INIT_FLAG_NONE = 0,
     INIT_FLAG_TRANSIENT = 1 << 0,
   };
 
@@ skipping 25 matching lines @@
   void RemovePermissions(const Extension* extension,
                          const PermissionSet& permissions,
                          RemoveType remove_type);
 
   // Removes the |permissions| from |extension| and makes no effort to determine
   // if doing so is safe in the slightlest. This method shouldn't be used,
   // except for removing permissions totally blacklisted by management.
   void RemovePermissionsUnsafe(const Extension* extension,
                                const PermissionSet& permissions);
 
+  // Sets list of hosts |extension| may not interact with (overrides default).
+  // This is the individual scope of ExtensionSettings.
+  void SetPolicyHostRestrictions(const Extension* extension,

[Devlin, 2017/01/26 22:47:39]

See comment in extension_service.cc

[nrpeter, 2017/02/03 19:32:24]

Done.

+                                     const URLPatternSet& runtime_blocked_hosts,

[Devlin, 2017/01/26 22:47:39]

don't forget to use git cl format - it's a life-saver.

[nrpeter, 2017/02/03 19:32:24]

Done.

+                                     const URLPatternSet& runtime_allowed_hosts,
+                                     bool is_default);
+
+  // Sets list of hosts extensions may not interact with. Extension specific
+  // exceptions to this default policy are defined with
+  // SetPolicyHostRestrictions. This is the Deault scope "*" of
+  // ExtensionSettings.
+  void SetDefaultPolicyHostRestrictions(
+      const URLPatternSet& default_runtime_blocked_hosts,
+      const URLPatternSet& default_runtime_allowed_hosts);
+
   // Returns the set of revokable permissions.
   std::unique_ptr<const PermissionSet> GetRevokablePermissions(
       const Extension* extension) const;
 
   // Adds all permissions in the |extension|'s active permissions to its
   // granted permission set.
   void GrantActivePermissions(const Extension* extension);
 
   // Initializes the |extension|'s active permission set to include only
   // permissions currently requested by the extension and all the permissions
   // required by the extension.
   void InitializePermissions(const Extension* extension);
 
  private:
   enum EventType {
     ADDED,
     REMOVED,
+    POLICY

[Devlin, 2017/01/26 22:47:39]

nit: trailing comma

[nrpeter, 2017/02/03 19:32:24]

Done.

   };
 
   // Sets the |extension|'s active permissions to |active| and records the
   // change in the prefs. If |withheld| is non-null, also sets the extension's
   // withheld permissions to |withheld|. Otherwise, |withheld| permissions are
   // not changed.
   void SetPermissions(const Extension* extension,
                       std::unique_ptr<const PermissionSet> active,
                       std::unique_ptr<const PermissionSet> withheld);
 
   // Dispatches specified event to the extension.
   void DispatchEvent(const std::string& extension_id,
                      events::HistogramValue histogram_value,
                      const char* event_name,
                      const PermissionSet& changed_permissions);
 
   // Issues the relevant events, messages and notifications when the
   // |extension|'s permissions have |changed| (|changed| is the delta).
   // Specifically, this sends the EXTENSION_PERMISSIONS_UPDATED notification,
   // the ExtensionMsg_UpdatePermissions IPC message, and fires the
   // onAdded/onRemoved events in the extension.
   void NotifyPermissionsUpdated(EventType event_type,
                                 const Extension* extension,
                                 const PermissionSet& changed);
 
+  // Issues the relevant events, messages and notifications when the
+  // default scope management policy have changed.
+  // Specifically, this sends the ExtensionMsg_UpdateDefaultHostRestrictions
+  // IPC message.
+  void NotifyDefaultPolicyHostRestrictionsUpdated(
+      const URLPatternSet& default_runtime_blocked_hosts,
+      const URLPatternSet& default_runtime_allowed_hosts);
+
   // The associated BrowserContext.
   content::BrowserContext* browser_context_;
 
   // Initialization flag that determines whether prefs is consulted about the
   // extension. Transient extensions should not have entries in prefs.
   InitFlag init_flag_;
 
   DISALLOW_COPY_AND_ASSIGN(PermissionsUpdater);
 };
 
 }  // namespace extensions
 
 #endif  // CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__