Issue 595363002: Add policy controlled permission block list for extensions

Issue 595363002: Add policy controlled permission block list for extensions (Closed)

Created:
6 years, 3 months ago by binjin

Modified:
6 years, 1 month ago

Reviewers:
Joao da Silva, Finnur

CC:
chromium-reviews, chromium-apps-reviews_chromium.org, extensions-reviews_chromium.org

Base URL:
https://chromium.googlesource.com/chromium/src.git@ext-fix

Project:
chromium

Visibility:
Public.

More Reviews

Description

Add policy controlled permission block list for extensions This CL adds permissions block list for extensions. Currently only simple API permissions are supported, and the block list applies to both required and optional permissions of extensions. BUG=177351 Committed: https://crrev.com/e6b58b5a41f010118c5caea9ba78bc077a5f551b Cr-Commit-Position: refs/heads/master@{#302211}

Patch Set 1 : WIP #

Patch Set 2 : WIP #

Patch Set 3 : rebase; still WIP #

Patch Set 4 : WIP #

Patch Set 5 : rebase; add unit_tests #

Patch Set 6 : rebase #

Patch Set 7 : fixes #

Patch Set 8 : add new unit test #

Patch Set 9 : more fixes #

Patch Set 10 : fix crash #

Patch Set 11 : Add more unit tests #

Patch Set 12 : more fixes #

Patch Set 13 : more minor format fix #

Total comments: 41

Patch Set 14 : silence a MSVS warning #

Patch Set 15 : fixes addressing #4 #

Total comments: 2

Patch Set 16 : rebase; minor format fix; fixes addressing #6 #

Patch Set 17 : fix a comment #

Patch Set 18 : clean rebase #

Patch Set 19 : add extension api test #

Total comments: 24

Patch Set 20 : fixes addressing #15 #

Patch Set 21 : more lint error fixes #

Patch Set 22 : fix memory leaks #

Created: 6 years, 1 month ago

Download [raw] [tar.bz2]

	Unified diffs	Side-by-side diffs	Delta from patch set	Stats (+1034 lines, -46 lines)			Patch
M	chrome/browser/extensions/api/permissions/permissions_api.cc	View	1 2 3 4 5 6 7 8 9 10 11	3 chunks	+12 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/api/permissions/permissions_apitest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	3 chunks	+36 lines, -2 lines	0 comments	Download
M	chrome/browser/extensions/extension_management.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	5 chunks	+25 lines, -4 lines	0 comments	Download
M	chrome/browser/extensions/extension_management.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	7 chunks	+42 lines, -5 lines	0 comments	Download
M	chrome/browser/extensions/extension_management_constants.h	View		1 chunk	+3 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/extension_management_constants.cc	View		1 chunk	+3 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/extension_management_internal.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	3 chunks	+14 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/extension_management_internal.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	1 chunk	+52 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/extension_management_test_util.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	4 chunks	+43 lines, -6 lines	0 comments	Download
M	chrome/browser/extensions/extension_management_test_util.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	9 chunks	+111 lines, -8 lines	0 comments	Download
M	chrome/browser/extensions/extension_management_unittest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	10 chunks	+49 lines, -10 lines	0 comments	Download
M	chrome/browser/extensions/extension_service.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+17 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/extension_service_unittest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21	5 chunks	+226 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/extension_system_impl.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+2 lines, -2 lines	0 comments	Download
A	chrome/browser/extensions/permissions_based_management_policy_provider.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20	1 chunk	+41 lines, -0 lines	0 comments	Download
A	chrome/browser/extensions/permissions_based_management_policy_provider.cc	View	1 2 3 4 5 6	1 chunk	+61 lines, -0 lines	0 comments	Download
A	chrome/browser/extensions/permissions_based_management_policy_provider_unittest.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21	1 chunk	+169 lines, -0 lines	0 comments	Download
M	chrome/browser/extensions/test_extension_system.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+2 lines, -2 lines	0 comments	Download
M	chrome/chrome_browser_extensions.gypi	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	1 chunk	+2 lines, -0 lines	0 comments	Download
M	chrome/chrome_tests.gypi	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	1 chunk	+2 lines, -0 lines	0 comments	Download
M	chrome/chrome_tests_unit.gypi	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	1 chunk	+1 line, -0 lines	0 comments	Download
A	chrome/test/data/extensions/api_test/permissions/optional_policy_blocked/background.js	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	1 chunk	+27 lines, -0 lines	0 comments	Download
A	chrome/test/data/extensions/api_test/permissions/optional_policy_blocked/manifest.json	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18	1 chunk	+13 lines, -0 lines	0 comments	Download
A	chrome/test/data/extensions/permissions_blocklist.pem	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+28 lines, -0 lines	0 comments	Download
A	chrome/test/data/extensions/permissions_blocklist/manifest.json	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+7 lines, -0 lines	0 comments	Download
A	chrome/test/data/extensions/permissions_blocklist2/manifest.json	View	1 2 3 4 5 6 7 8 9 10	1 chunk	+7 lines, -0 lines	0 comments	Download
M	chrome/test/data/policy/policy_test_cases.json	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17	1 chunk	+5 lines, -2 lines	0 comments	Download
M	components/policy/resources/policy_templates.json	View	1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19	4 chunks	+26 lines, -5 lines	0 comments	Download
M	extensions/browser/management_policy.h	View	1 2 3 4 5 6 7 8 9 10 11 12 13	2 chunks	+4 lines, -0 lines	0 comments	Download
M	extensions/browser/management_policy.cc	View	1 2 3 4 5 6 7 8 9 10 11 12 13	1 chunk	+4 lines, -0 lines	0 comments	Download

Messages

Total messages: 23 (8 generated)

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages

binjin

Hello Joao, It's still a WIP, lack of a couple of browser tests. But I ...

6 years, 2 months ago (2014-10-14 17:22:07 UTC) #3

Joao da Silva

Nice test coverage in extension_service_unittest.cc. https://codereview.chromium.org/595363002/diff/610001/chrome/browser/extensions/extension_management.cc File chrome/browser/extensions/extension_management.cc (right): https://codereview.chromium.org/595363002/diff/610001/chrome/browser/extensions/extension_management.cc#newcode148 chrome/browser/extensions/extension_management.cc:148: for (auto blocked_api : ...

6 years, 2 months ago (2014-10-15 14:39:27 UTC) #4

binjin

https://codereview.chromium.org/595363002/diff/610001/chrome/browser/extensions/extension_management.cc File chrome/browser/extensions/extension_management.cc (right): https://codereview.chromium.org/595363002/diff/610001/chrome/browser/extensions/extension_management.cc#newcode148 chrome/browser/extensions/extension_management.cc:148: for (auto blocked_api : GetBlockedAPIPermissions(id)) { On 2014/10/15 14:39:25, ...

6 years, 2 months ago (2014-10-16 18:13:58 UTC) #5

Joao da Silva

Code lgtm, feel free to ping other reviewers. I still think it's worth having a ...

6 years, 2 months ago (2014-10-17 12:52:39 UTC) #6

binjin

https://codereview.chromium.org/595363002/diff/610001/chrome/browser/extensions/extension_management_unittest.cc File chrome/browser/extensions/extension_management_unittest.cc (right): https://codereview.chromium.org/595363002/diff/610001/chrome/browser/extensions/extension_management_unittest.cc#newcode375 chrome/browser/extensions/extension_management_unittest.cc:375: extension_management_->GetBlockedAPIPermissions(kTargetExtension3)); On 2014/10/17 12:52:39, Joao da Silva wrote: > ...

6 years, 2 months ago (2014-10-17 13:03:19 UTC) #7

binjin

6 years, 2 months ago (2014-10-17 14:04:23 UTC) #8

binjin

Hello Joao, Could you have a look at the new extension api test for blocked ...

6 years, 1 month ago (2014-10-29 14:12:20 UTC) #11

Joao da Silva

lgtm Thanks for writing the test. It's really great to have that coverage.

6 years, 1 month ago (2014-10-30 10:22:13 UTC) #12

Finnur

Didn't do an exhaustive review, more of spot checks here and there. So OWNERS LGTM ...

6 years, 1 month ago (2014-10-30 14:16:59 UTC) #15

binjin

https://codereview.chromium.org/595363002/diff/770001/chrome/browser/extensions/extension_management.h File chrome/browser/extensions/extension_management.h (right): https://codereview.chromium.org/595363002/diff/770001/chrome/browser/extensions/extension_management.h#newcode73 chrome/browser/extensions/extension_management.h:73: // KeyedService implementations. On 2014/10/30 14:16:59, Finnur wrote: > ...

6 years, 1 month ago (2014-10-30 16:41:12 UTC) #16

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/595363002/810001

6 years, 1 month ago (2014-10-30 17:12:22 UTC) #18

commit-bot: I haz the power

CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/595363002/830001

6 years, 1 month ago (2014-10-31 01:00:02 UTC) #21

commit-bot: I haz the power

6 years, 1 month ago (2014-10-31 01:56:49 UTC) #23

Message was sent while issue was closed.

Patchset 22 (id:??) landed as
https://crrev.com/e6b58b5a41f010118c5caea9ba78bc077a5f551b
Cr-Commit-Position: refs/heads/master@{#302211}

Expand Messages | Collapse Messages | Show Generated Messages | Hide Generated Messages