Add policy controlled permission block list for extensions

chrome/browser/extensions/extension_management_internal.h

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 #ifndef CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_INTERNAL_H_
 #define CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_INTERNAL_H_
 
 #include <string>
 #include <vector>
 
 #include "base/macros.h"
 #include "chrome/browser/extensions/extension_management.h"
 #include "extensions/common/manifest.h"
+#include "extensions/common/permissions/api_permission_set.h"
 
 namespace base {
 class DictionaryValue;
 }  // namespace base
 
 namespace extensions {
 
 class URLPatternSet;
 
 namespace internal {
@@ skipping 12 matching lines @@
 
   IndividualSettings();
   ~IndividualSettings();
 
   void Reset();
 
   // Parses the individual settings. |dict| is the a sub-dictionary in extension
   // management preference and |scope| represents the applicable range of the
   // settings, a single extension, a group of extensions or default settings.
   // Note that in case of parsing errors, |this| will NOT be left untouched.
+  // This method is required to be called in order of ParsingScope, i.e. first
+  // SCOPE_DEFAULT, then SCOPE_INDIVIDUAL.
   bool Parse(const base::DictionaryValue* dict, ParsingScope scope);
 
   // Extension installation mode. Setting this to INSTALLATION_FORCED or
   // INSTALLATION_RECOMMENDED will enable extension auto-loading (only
   // applicable to single extension), and in this case the |update_url| must
   // be specified, containing the update URL for this extension.
   // Note that |update_url| will be ignored for INSTALLATION_ALLOWED and
   // INSTALLATION_BLOCKED installation mode.
   // These settings will override the default settings, and unspecified
   // settings will take value from default settings.
   ExtensionManagement::InstallationMode installation_mode;
   std::string update_url;
 
+  // Permissions settings for extensions. These settings won't give granted

[Finnur, 2014/10/30 14:16:59]

nit: s/give granted/grant/ ?

[binjin, 2014/10/30 16:41:11]

Done.

+  // permissions to extensions automatically. Instead, these settings will
+  // provide a list of blocked permissions for each extension. That is, if
+  // an extension requires a permission which is on the blocklist for it,

[Finnur, 2014/10/30 14:16:59]

s/is on the blocklist for it/has been blacklisted/

[binjin, 2014/10/30 16:41:11]

Done.

+  // this extension will not be allowed to be loaded. And if it contains a

[Finnur, 2014/10/30 14:16:59]

s/be loaded/load/

[binjin, 2014/10/30 16:41:11]

Done.

+  // blocked permission as optional requirement, it will be allowed to
+  // be loaded (of course, with permission granted from other part of

[Finnur, 2014/10/30 14:16:59]

s/be loaded/load/

"with permission granted from other part of extension system"
What does that mean?

[binjin, 2014/10/30 16:41:11]

Done. I mean "granted by user if necessary", updated.

+  // extension system), but conflicting permissions will not be usable.

[Finnur, 2014/10/30 14:16:59]

nit: s/not be usable/be dropped/ ?

[binjin, 2014/10/30 16:41:11]

Done.

+  // These settings will merge from the default settings, and unspecified
+  // settings will take value from default settings.
+  APIPermissionSet blocked_permissions;
+
  private:
   DISALLOW_ASSIGN(IndividualSettings);
 };
 
 // Global extension management settings, applicable to all extensions.
 struct GlobalSettings {
   GlobalSettings();
   ~GlobalSettings();
 
   void Reset();
@@ skipping 10 matching lines @@
 
  private:
   DISALLOW_COPY_AND_ASSIGN(GlobalSettings);
 };
 
 }  // namespace internal
 
 }  // namespace extensions
 
 #endif  // CHROME_BROWSER_EXTENSIONS_EXTENSION_MANAGEMENT_INTERNAL_H_