PS - Remove Clipboard Read permission from extensions in Public Sessions (except for whitelisted on…

chrome/browser/extensions/permissions_updater.h

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__
 #define CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__
 
 #include <memory>
 #include <string>
 
 #include "base/macros.h"
 #include "extensions/browser/extension_event_histogram_value.h"
 
 namespace content {
 class BrowserContext;
 }
 
 namespace extensions {
 
 class Extension;
 class PermissionSet;
 
 // Updates an Extension's active and granted permissions in persistent storage
 // and notifies interested parties of the changes.
 class PermissionsUpdater {
  public:
+  // Platform specific delegate.
+  class Delegate {
+   public:
+    virtual ~Delegate() {}
+    // Platform specific initialization of |extension|'s permissions (does any
+    // necessary filtering of permissions or similar).
+    virtual void InitializePermissions(
+        const Extension* extension,
+        std::unique_ptr<const PermissionSet>* granted_permissions) = 0;
+  };
+
   enum InitFlag {
     INIT_FLAG_NONE = 0,
     INIT_FLAG_TRANSIENT = 1 << 0,
   };
 
   enum RemoveType {
     REMOVE_SOFT,
     REMOVE_HARD,
   };
 
   explicit PermissionsUpdater(content::BrowserContext* browser_context);
   PermissionsUpdater(content::BrowserContext* browser_context,
                      InitFlag init_flag);
   ~PermissionsUpdater();
 
+  // Used for platform specific logic as to not litter the code with #ifdefs.
+  // |delegate| is created and set during creation of browser process and its
+  // lifetime is for the whole duration of the browser process - it is never
+  // freed but this is fine since it will go away together with the browser

[Devlin, 2017/04/11 15:06:22]

I'm not quite sure I follow the "this is fine since it will go away together
with the browser process".  Isn't this just leaked?  Doesn't any allocated
object go away with the process its in (unless its e.g. persisted to disk, or
we're talking about very complex handles?)

I'd just summarize this as:
// |delegate| is leaked.

[Ivan Šandrk, 2017/04/11 15:11:16]

You would summarize the whole "|delegate| is created ..." part?

[Devlin, 2017/04/11 15:15:02]

Pretty much... suggested alternative:
// Sets a delegate to provide platform-specific logic. This should be
// set during startup (to ensure all extensions are initialized through
// the delegate).
// |delegate| is a singleton instance and is leaked.

Feel free to wordsmith, though.

[Ivan Šandrk, 2017/04/12 13:57:47]

Done.

+  // process.
+  static void SetPlatformDelegate(Delegate* delegate);
+
   // Adds the set of |permissions| to the |extension|'s active permission set
   // and sends the relevant messages and notifications. This method assumes the
   // user has already been prompted, if necessary, for the extra permissions.
   void AddPermissions(const Extension* extension,
                       const PermissionSet& permissions);
 
   // Removes the set of |permissions| from the |extension|'s active permission
   // set and sends the relevant messages and notifications.
   // If |remove_type| is REMOVE_HARD, this removes the permissions from the
   // granted permissions in the prefs (meaning that the extension would have
@@ skipping 60 matching lines @@
   // Initialization flag that determines whether prefs is consulted about the
   // extension. Transient extensions should not have entries in prefs.
   InitFlag init_flag_;
 
   DISALLOW_COPY_AND_ASSIGN(PermissionsUpdater);
 };
 
 }  // namespace extensions
 
 #endif  // CHROME_BROWSER_EXTENSIONS_PERMISSIONS_UPDATER_H__