| Index: chrome/browser/extensions/permissions_updater.cc
|
| diff --git a/chrome/browser/extensions/permissions_updater.cc b/chrome/browser/extensions/permissions_updater.cc
|
| index 5f2f62981d5889f7db19804d7734561aaaac5b9f..b4ad41cc0490e87503deaec2344bedf16055df6f 100644
|
| --- a/chrome/browser/extensions/permissions_updater.cc
|
| +++ b/chrome/browser/extensions/permissions_updater.cc
|
| @@ -36,15 +36,24 @@ namespace permissions = api::permissions;
|
|
|
| namespace {
|
|
|
| +URLPatternSet FilterSingleOriginPermissions(const URLPatternSet& permissions) {
|
| + URLPatternSet single_origin_permissions;
|
| + for (URLPatternSet::const_iterator iter = permissions.begin();
|
| + iter != permissions.end();
|
| + ++iter) {
|
| + if (iter->MatchesSingleOrigin())
|
| + single_origin_permissions.AddPattern(*iter);
|
| + }
|
| + return single_origin_permissions;
|
| +}
|
| +
|
| // Returns a PermissionSet that has the active permissions of the extension,
|
| // bounded to its current manifest.
|
| scoped_refptr<const PermissionSet> GetBoundedActivePermissions(
|
| - const Extension* extension, ExtensionPrefs* extension_prefs) {
|
| + const Extension* extension, const PermissionSet* active_permissions) {
|
| // If the extension has used the optional permissions API, it will have a
|
| // custom set of active permissions defined in the extension prefs. Here,
|
| // we update the extension's active permissions based on the prefs.
|
| - scoped_refptr<const PermissionSet> active_permissions =
|
| - extension_prefs->GetActivePermissions(extension->id());
|
| if (!active_permissions)
|
| return extension->permissions_data()->active_permissions();
|
|
|
| @@ -144,9 +153,10 @@ void PermissionsUpdater::GrantActivePermissions(const Extension* extension) {
|
| }
|
|
|
| void PermissionsUpdater::InitializePermissions(const Extension* extension) {
|
| + scoped_refptr<const PermissionSet> active_permissions = ExtensionPrefs::Get(
|
| + browser_context_)->GetActivePermissions(extension->id());
|
| scoped_refptr<const PermissionSet> bounded_active =
|
| - GetBoundedActivePermissions(extension,
|
| - ExtensionPrefs::Get(browser_context_));
|
| + GetBoundedActivePermissions(extension, active_permissions.get());
|
|
|
| // We withhold permissions iff the switch to do so is enabled, the extension
|
| // shows up in chrome:extensions (so the user can grant withheld permissions),
|
| @@ -175,6 +185,18 @@ void PermissionsUpdater::InitializePermissions(const Extension* extension) {
|
| &granted_scriptable_hosts,
|
| &withheld_scriptable_hosts);
|
|
|
| + // After withholding permissions, add back any origins to the active set that
|
| + // may have been lost during the set operations that would have dropped them.
|
| + // For example, the union of <all_urls> and <anything> is <all_urls>, so we
|
| + // may lose the <anything>. However, that <anything> is important once
|
| + // <all_urls> is stripped during withholding.
|
| + if (active_permissions) {
|
| + granted_explicit_hosts.AddPatterns(
|
| + FilterSingleOriginPermissions(active_permissions->explicit_hosts()));
|
| + granted_scriptable_hosts.AddPatterns(
|
| + FilterSingleOriginPermissions(active_permissions->scriptable_hosts()));
|
| + }
|
| +
|
| bounded_active = new PermissionSet(bounded_active->apis(),
|
| bounded_active->manifest_permissions(),
|
| granted_explicit_hosts,
|
|
|
Chromium Code Reviews
Issue 396033002:
Support "always allow" for runtime script execution (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master