Communicate ExtensionSettings policy to renderers

chrome/browser/extensions/extension_service.cc

Index: chrome/browser/extensions/extension_service.cc
diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
index 4cecaddab3e02cc9e9697c9d3f7a01d4ab746468..be912b46afab274634e54035709081260f3a8b51 100644
--- a/chrome/browser/extensions/extension_service.cc
+++ b/chrome/browser/extensions/extension_service.cc
@@ -866,12 +866,19 @@ void ExtensionService::EnableExtension(const std::string& extension_id) {
   const Extension* extension =
       registry_->disabled_extensions().GetByID(extension_id);
 
+  extensions::ExtensionManagement* management =
+      extensions::ExtensionManagementFactory::GetForBrowserContext(profile());
+
   ManagementPolicy* policy = system_->management_policy();
   if (extension && policy->MustRemainDisabled(extension, nullptr, nullptr)) {
     UMA_HISTOGRAM_COUNTS_100("Extensions.EnableDeniedByPolicy", 1);
     return;
   }
 
+  extensions::PermissionsUpdater(profile()).SetRuntimeBlockedAllowedHosts(
+    extension, management->GetRuntimeBlockedHosts(extension),
+    management->GetRuntimeAllowedHosts(extension));
+
   extension_prefs_->SetExtensionEnabled(extension_id);
 
   // This can happen if sync enables an extension that is not installed yet.
@@ -1213,6 +1220,12 @@ void ExtensionService::CheckManagementPolicy() {
   extensions::ExtensionManagement* management =
       extensions::ExtensionManagementFactory::GetForBrowserContext(profile());
 
+  for (const auto& extension : registry_->enabled_extensions()) {
+    extensions::PermissionsUpdater(profile()).SetRuntimeBlockedAllowedHosts(
+      extension.get(), management->GetRuntimeBlockedHosts(extension.get()),
+      management->GetRuntimeAllowedHosts(extension.get()));
+  }
+
   // Loop through the disabled extension list, find extensions to re-enable
   // automatically. These extensions are exclusive from the |to_disable| and
   // |to_unload| lists constructed above, since disabled_extensions() and
@@ -1461,6 +1474,13 @@ void ExtensionService::AddExtension(const Extension* extension) {
     return;
   }
 
+  extensions::ExtensionManagement* settings =
+      extensions::ExtensionManagementFactory::GetForBrowserContext(profile());
+  CHECK(settings);
+  extensions::PermissionsUpdater(profile()).SetRuntimeBlockedAllowedHosts(
+        extension, settings->GetRuntimeBlockedHosts(extension),
+        settings->GetRuntimeAllowedHosts(extension));
+
   bool is_extension_upgrade = false;
   bool is_extension_loaded = false;
   const Extension* old = GetInstalledExtension(extension->id());
@@ -1870,6 +1890,9 @@ void ExtensionService::OnExtensionManagementSettingsChanged() {
       extensions::PermissionsUpdater(profile()).RemovePermissionsUnsafe(
           extension.get(), *settings->GetBlockedPermissions(extension.get()));
     }
+    extensions::PermissionsUpdater(profile()).SetRuntimeBlockedAllowedHosts(
+        extension.get(), settings->GetRuntimeBlockedHosts(extension.get()),
+        settings->GetRuntimeAllowedHosts(extension.get()));
   }
 
   CheckManagementPolicy();