Add policy controlled permission block list for extensions

chrome/browser/extensions/extension_management.h

Index: chrome/browser/extensions/extension_management.h
diff --git a/chrome/browser/extensions/extension_management.h b/chrome/browser/extensions/extension_management.h
index d7410e2234f70a62e40a6e7dc29ceee8623cbd8f..cb8b99560a966d2d40aebc2e2d6a0fbb88605d3f 100644
--- a/chrome/browser/extensions/extension_management.h
+++ b/chrome/browser/extensions/extension_management.h
@@ -7,7 +7,9 @@
 
 #include "base/containers/scoped_ptr_hash_map.h"
 #include "base/macros.h"
+#include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/memory/scoped_vector.h"
 #include "base/memory/singleton.h"
 #include "base/observer_list.h"
 #include "base/prefs/pref_change_registrar.h"
@@ -34,6 +36,9 @@ struct GlobalSettings;
 
 }  // namespace internal
 
+class APIPermissionSet;
+class PermissionSet;
+
 // Tracks the management policies that affect extensions and provides interfaces
 // for observing and obtaining the global settings for all extensions, as well
 // as per-extension settings.
@@ -68,9 +73,9 @@ class ExtensionManagement : public KeyedService {
   void AddObserver(Observer* observer);
   void RemoveObserver(Observer* observer);
 
-  // Get the ManagementPolicy::Provider controlled by extension management
-  // policy settings.
-  ManagementPolicy::Provider* GetProvider() const;
+  // Get the list of ManagementPolicy::Provider controlled by extension
+  // management policy settings.
+  std::vector<ManagementPolicy::Provider*> GetProviders() const;
 
   // Checks if extensions are blacklisted by default, by policy. When true,
   // this means that even extensions without an ID should be blacklisted (e.g.
@@ -95,6 +100,17 @@ class ExtensionManagement : public KeyedService {
   // allowed to be installed.
   bool IsAllowedManifestType(Manifest::Type manifest_type) const;
 
+  // Returns the list of blocked API permissions for the extension |id|.
+  const APIPermissionSet& GetBlockedAPIPermissions(const ExtensionId& id) const;
+
+  // Returns blocked permission set for extension |id|.
+  scoped_refptr<const PermissionSet> GetBlockedPermissions(
+      const ExtensionId& id) const;
+
+  // Returns true if every permssion in |perms| are allowed for extension |id|.

[Joao da Silva, 2014/10/15 14:39:25]

permission

is allowed

[binjin, 2014/10/16 18:13:57]

Done.

+  bool IsPermissionSetAllowed(const ExtensionId& id,
+                              scoped_refptr<const PermissionSet> perms) const;
+
  private:
   typedef base::ScopedPtrHashMap<ExtensionId, internal::IndividualSettings>
       SettingsIdMap;
@@ -149,7 +165,7 @@ class ExtensionManagement : public KeyedService {
 
   ObserverList<Observer, true> observer_list_;
   PrefChangeRegistrar pref_change_registrar_;
-  scoped_ptr<ManagementPolicy::Provider> provider_;
+  ScopedVector<ManagementPolicy::Provider> providers_;
 
   DISALLOW_COPY_AND_ASSIGN(ExtensionManagement);
 };