Add policy controlled permission block list for extensions

chrome/browser/extensions/extension_management.h

Index: chrome/browser/extensions/extension_management.h
diff --git a/chrome/browser/extensions/extension_management.h b/chrome/browser/extensions/extension_management.h
index 879cffb910c77f6f77335e41ba86eb6adbf7aa5e..2dba362b9a532e25d88b846b738eeaade4b464e9 100644
--- a/chrome/browser/extensions/extension_management.h
+++ b/chrome/browser/extensions/extension_management.h
@@ -7,7 +7,9 @@
 
 #include "base/containers/scoped_ptr_hash_map.h"
 #include "base/macros.h"
+#include "base/memory/ref_counted.h"
 #include "base/memory/scoped_ptr.h"
+#include "base/memory/scoped_vector.h"
 #include "base/memory/singleton.h"
 #include "base/observer_list.h"
 #include "base/prefs/pref_change_registrar.h"
@@ -34,6 +36,9 @@ struct GlobalSettings;
 
 }  // namespace internal
 
+class APIPermissionSet;
+class PermissionSet;
+
 // Tracks the management policies that affect extensions and provides interfaces
 // for observing and obtaining the global settings for all extensions, as well
 // as per-extension settings.
@@ -65,12 +70,15 @@ class ExtensionManagement : public KeyedService {
   explicit ExtensionManagement(PrefService* pref_service);
   ~ExtensionManagement() override;
 
+  // KeyedService implementations.

[Finnur, 2014/10/30 14:16:59]

nit: The agreed upon syntax for this was:
// InterfaceName:

[binjin, 2014/10/30 16:41:11]

Done.

+  virtual void ShutDown();

[Finnur, 2014/10/30 14:16:59]

delete 'virtual' and add 'override' at the end.

[binjin, 2014/10/30 16:41:11]

Done. Also found that I mis-spelled the method name.

+
   void AddObserver(Observer* observer);
   void RemoveObserver(Observer* observer);
 
-  // Get the ManagementPolicy::Provider controlled by extension management
-  // policy settings.
-  ManagementPolicy::Provider* GetProvider() const;
+  // Get the list of ManagementPolicy::Provider controlled by extension
+  // management policy settings.
+  std::vector<ManagementPolicy::Provider*> GetProviders() const;
 
   // Checks if extensions are blacklisted by default, by policy. When true,
   // this means that even extensions without an ID should be blacklisted (e.g.
@@ -99,6 +107,17 @@ class ExtensionManagement : public KeyedService {
   // allowed to be installed.
   bool IsAllowedManifestType(Manifest::Type manifest_type) const;
 
+  // Returns the list of blocked API permissions for the extension |id|.
+  const APIPermissionSet& GetBlockedAPIPermissions(const ExtensionId& id) const;
+
+  // Returns blocked permission set for extension |id|.
+  scoped_refptr<const PermissionSet> GetBlockedPermissions(
+      const ExtensionId& id) const;
+
+  // Returns true if every permission in |perms| is allowed for extension |id|.
+  bool IsPermissionSetAllowed(const ExtensionId& id,
+                              scoped_refptr<const PermissionSet> perms) const;
+
  private:
   typedef base::ScopedPtrHashMap<ExtensionId, internal::IndividualSettings>
       SettingsIdMap;
@@ -153,7 +172,7 @@ class ExtensionManagement : public KeyedService {
 
   ObserverList<Observer, true> observer_list_;
   PrefChangeRegistrar pref_change_registrar_;
-  scoped_ptr<ManagementPolicy::Provider> provider_;
+  ScopedVector<ManagementPolicy::Provider> providers_;
 
   DISALLOW_COPY_AND_ASSIGN(ExtensionManagement);
 };