Add policy controlled permission block list for extensions

chrome/browser/extensions/extension_management.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
 #define CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_
 
 #include "base/containers/scoped_ptr_hash_map.h"
 #include "base/macros.h"
+#include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/memory/scoped_vector.h"
 #include "base/memory/singleton.h"
 #include "base/observer_list.h"
 #include "base/prefs/pref_change_registrar.h"
 #include "base/values.h"
 #include "components/keyed_service/content/browser_context_keyed_service_factory.h"
 #include "components/keyed_service/core/keyed_service.h"
 #include "extensions/browser/management_policy.h"
 #include "extensions/common/extension.h"
 #include "extensions/common/manifest.h"
 
 class GURL;
 class PrefService;
 
 namespace content {
 class BrowserContext;
 }  // namespace content
 
 namespace extensions {
 
 namespace internal {
 
 struct IndividualSettings;
 struct GlobalSettings;
 
 }  // namespace internal
 
+class APIPermissionSet;
+class PermissionSet;
+
 // Tracks the management policies that affect extensions and provides interfaces
 // for observing and obtaining the global settings for all extensions, as well
 // as per-extension settings.
 class ExtensionManagement : public KeyedService {
  public:
   // Observer class for extension management settings changes.
   class Observer {
    public:
     virtual ~Observer() {}
 
@@ skipping 11 matching lines @@
   enum InstallationMode {
     INSTALLATION_ALLOWED = 0,
     INSTALLATION_BLOCKED,
     INSTALLATION_FORCED,
     INSTALLATION_RECOMMENDED,
   };
 
   explicit ExtensionManagement(PrefService* pref_service);
   ~ExtensionManagement() override;
 
+  // KeyedService implementations.

[Finnur, 2014/10/30 14:16:59]

nit: The agreed upon syntax for this was:
// InterfaceName:

[binjin, 2014/10/30 16:41:11]

Done.

+  virtual void ShutDown();

[Finnur, 2014/10/30 14:16:59]

delete 'virtual' and add 'override' at the end.

[binjin, 2014/10/30 16:41:11]

Done. Also found that I mis-spelled the method name.

+
   void AddObserver(Observer* observer);
   void RemoveObserver(Observer* observer);
 
-  // Get the ManagementPolicy::Provider controlled by extension management
-  // policy settings.
-  ManagementPolicy::Provider* GetProvider() const;
+  // Get the list of ManagementPolicy::Provider controlled by extension
+  // management policy settings.
+  std::vector<ManagementPolicy::Provider*> GetProviders() const;
 
   // Checks if extensions are blacklisted by default, by policy. When true,
   // this means that even extensions without an ID should be blacklisted (e.g.
   // from the command line, or when loaded as an unpacked extension).
   bool BlacklistedByDefault() const;
 
   // Returns installation mode for an extension.
   InstallationMode GetInstallationMode(const ExtensionId& id) const;
 
   // Returns the force install list, in format specified by
   // ExternalPolicyLoader::AddExtension().
   scoped_ptr<base::DictionaryValue> GetForceInstallList() const;
 
   // Like GetForceInstallList(), but returns recommended install list instead.
   scoped_ptr<base::DictionaryValue> GetRecommendedInstallList() const;
 
   // Returns if an extension with id |id| is explicitly allowed by enterprise
   // policy or not.
   bool IsInstallationExplicitlyAllowed(const ExtensionId& id) const;
 
   // Returns true if an extension download should be allowed to proceed.
   bool IsOffstoreInstallAllowed(const GURL& url,
                                 const GURL& referrer_url) const;
 
   // Returns true if an extension with manifest type |manifest_type| is
   // allowed to be installed.
   bool IsAllowedManifestType(Manifest::Type manifest_type) const;
 
+  // Returns the list of blocked API permissions for the extension |id|.
+  const APIPermissionSet& GetBlockedAPIPermissions(const ExtensionId& id) const;
+
+  // Returns blocked permission set for extension |id|.
+  scoped_refptr<const PermissionSet> GetBlockedPermissions(
+      const ExtensionId& id) const;
+
+  // Returns true if every permission in |perms| is allowed for extension |id|.
+  bool IsPermissionSetAllowed(const ExtensionId& id,
+                              scoped_refptr<const PermissionSet> perms) const;
+
  private:
   typedef base::ScopedPtrHashMap<ExtensionId, internal::IndividualSettings>
       SettingsIdMap;
   friend class ExtensionManagementServiceTest;
 
   // Load all extension management preferences from |pref_service|, and
   // refresh the settings.
   void Refresh();
 
   // Load preference with name |pref_name| and expected type |expected_type|.
@@ skipping 34 matching lines @@
   // enforced.
   scoped_ptr<internal::IndividualSettings> default_settings_;
 
   // Extension settings applicable to all extensions.
   scoped_ptr<internal::GlobalSettings> global_settings_;
 
   PrefService* pref_service_;
 
   ObserverList<Observer, true> observer_list_;
   PrefChangeRegistrar pref_change_registrar_;
-  scoped_ptr<ManagementPolicy::Provider> provider_;
+  ScopedVector<ManagementPolicy::Provider> providers_;
 
   DISALLOW_COPY_AND_ASSIGN(ExtensionManagement);
 };
 
 class ExtensionManagementFactory : public BrowserContextKeyedServiceFactory {
  public:
   static ExtensionManagement* GetForBrowserContext(
       content::BrowserContext* context);
   static ExtensionManagementFactory* GetInstance();
 
@@ skipping 10 matching lines @@
       content::BrowserContext* context) const override;
   void RegisterProfilePrefs(
       user_prefs::PrefRegistrySyncable* registry) override;
 
   DISALLOW_COPY_AND_ASSIGN(ExtensionManagementFactory);
 };
 
 }  // namespace extensions
 
 #endif  // CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_H_