PS - Showing permission prompt for activeTab

chrome/browser/chromeos/extensions/active_tab_permission_granter_delegate_chromeos.cc

Index: chrome/browser/chromeos/extensions/active_tab_permission_granter_delegate_chromeos.cc
diff --git a/chrome/browser/chromeos/extensions/active_tab_permission_granter_delegate_chromeos.cc b/chrome/browser/chromeos/extensions/active_tab_permission_granter_delegate_chromeos.cc
new file mode 100644
index 0000000000000000000000000000000000000000..a8224299cf23988e567b9794199c1d1c665196ce
--- /dev/null
+++ b/chrome/browser/chromeos/extensions/active_tab_permission_granter_delegate_chromeos.cc
@@ -0,0 +1,43 @@
+// Copyright 2017 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "chrome/browser/chromeos/extensions/active_tab_permission_granter_delegate_chromeos.h"
+
+#include "chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.h"
+#include "chrome/browser/chromeos/extensions/public_session_permission_helper.h"
+#include "chrome/browser/profiles/profiles_state.h"
+#include "extensions/common/extension.h"
+#include "extensions/common/permissions/api_permission.h"
+
+namespace extensions {
+
+ActiveTabPermissionGranterDelegateChromeOS::
+    ActiveTabPermissionGranterDelegateChromeOS() {}
+
+ActiveTabPermissionGranterDelegateChromeOS::
+    ~ActiveTabPermissionGranterDelegateChromeOS() {}
+
+bool ActiveTabPermissionGranterDelegateChromeOS::ActiveTabPermissionGranted(
+    const Extension* extension,
+    content::WebContents* web_contents) {
+  if (!profiles::IsPublicSession() ||

[Devlin, 2017/05/12 14:56:45]

Do we set the delegate if it's not a public session?  Or can this be a DCHECK? 
Do we need to worry about the user logging out and it no longer being a public
session?

[Ivan Šandrk, 2017/05/12 18:27:44]

Nope. I guess I'm the kind of person that likes redundancy, but I can make it a
DCHECK (or even completely remove it). Done.
Nope. The whole browser process is terminated at the end of logout, everything
goes away.

[Devlin, 2017/05/15 20:51:12]

We should be careful with redundancy when it means guarding against cases that
should never happen.  That's where DCHECKs come in handy - they are a) some
small assurance that it doesn't happen (at least on the bots), and b)
documentation of the guarantees we think we have.  But otherwise, this
redundancy could potentially indicate a bug, so it's good to catch.  Of course,
like most things, it's a balance (and very likely, subjective). :)

+      chromeos::DeviceLocalAccountManagementPolicyProvider::IsWhitelisted(

[Devlin, 2017/05/12 14:56:45]

Would it make sense to put this check in the permission helper?  Or does the
whitelist only apply to certain permissions?

[Ivan Šandrk, 2017/05/12 18:27:44]

Whitelisted extensions should have unlimited access. Also a good idea, I've made
the changes.

+          extension->id())) {
+    return true;
+  }
+
+  bool already_handled = permission_helper::HandlePermissionRequest(
+      *extension, {APIPermission::kActiveTab}, web_contents,
+      permission_helper::RequestResolvedCallback(),
+      permission_helper::PromptFactory());
+
+  if (already_handled) {
+    return permission_helper::PermissionAllowed(
+        extension, APIPermission::kActiveTab);
+  }
+
+  return false;
+}
+
+}  // namespace extensions