Support "always allow" for runtime script execution

chrome/browser/extensions/permissions_updater.cc

Index: chrome/browser/extensions/permissions_updater.cc
diff --git a/chrome/browser/extensions/permissions_updater.cc b/chrome/browser/extensions/permissions_updater.cc
index 5f2f62981d5889f7db19804d7734561aaaac5b9f..83dc755d478dfe507815bbadd29328e257596002 100644
--- a/chrome/browser/extensions/permissions_updater.cc
+++ b/chrome/browser/extensions/permissions_updater.cc
@@ -67,6 +67,32 @@ scoped_refptr<const PermissionSet> GetBoundedActivePermissions(
   adjusted_active =
       PermissionSet::CreateUnion(required_permissions, adjusted_active);
 
+  // Re-add any active permissions that only match a single origin in order
+  // to persist "always run" script injection hosts.
+  URLPatternSet single_origin_explicit;
+  URLPatternSet single_origin_scriptable;
+  for (URLPatternSet::const_iterator iter =
+           active_permissions->explicit_hosts().begin();
+       iter != active_permissions->explicit_hosts().end();
+       ++iter) {
+    if (iter->MatchesSingleOrigin())
+      single_origin_explicit.AddPattern(*iter);
+  }
+  for (URLPatternSet::const_iterator iter =
+           active_permissions->scriptable_hosts().begin();
+       iter != active_permissions->scriptable_hosts().end();
+       ++iter) {
+    if (iter->MatchesSingleOrigin())
+      single_origin_scriptable.AddPattern(*iter);
+  }
+
+  adjusted_active = PermissionSet::CreateUnion(
+      adjusted_active,
+      new PermissionSet(APIPermissionSet(),
+                        ManifestPermissionSet(),
+                        single_origin_explicit,
+                        single_origin_scriptable));
+
   return adjusted_active;
 }