| Index: chrome/browser/extensions/api/permissions/permissions_api.cc
|
| diff --git a/chrome/browser/extensions/api/permissions/permissions_api.cc b/chrome/browser/extensions/api/permissions/permissions_api.cc
|
| index 0f23d4c5209464b42d62675d67aca68561f4c511..2b0b6a0eb12b719d368da52875b60712bb4c2c3d 100644
|
| --- a/chrome/browser/extensions/api/permissions/permissions_api.cc
|
| +++ b/chrome/browser/extensions/api/permissions/permissions_api.cc
|
| @@ -7,6 +7,7 @@
|
| #include "base/memory/scoped_ptr.h"
|
| #include "chrome/browser/chrome_notification_types.h"
|
| #include "chrome/browser/extensions/api/permissions/permissions_api_helpers.h"
|
| +#include "chrome/browser/extensions/extension_management.h"
|
| #include "chrome/browser/extensions/permissions_updater.h"
|
| #include "chrome/browser/profiles/profile.h"
|
| #include "chrome/common/extensions/api/permissions.h"
|
| @@ -30,6 +31,8 @@ namespace helpers = permissions_api_helpers;
|
|
|
| namespace {
|
|
|
| +const char kBlockedByEnterprisePolicy[] =
|
| + "Permissions are blocked by enterprise policy.";
|
| const char kCantRemoveRequiredPermissionsError[] =
|
| "You cannot remove required permissions.";
|
| const char kNotInOptionalPermissionsError[] =
|
| @@ -180,6 +183,15 @@ bool PermissionsRequestFunction::RunAsync() {
|
| return false;
|
| }
|
|
|
| + // Automatically declines api permissions requests, which are blocked by
|
| + // enterprise policy.
|
| + if (!ExtensionManagementFactory::GetForBrowserContext(GetProfile())
|
| + ->IsPermissionSetAllowed(extension()->id(),
|
| + requested_permissions_)) {
|
| + error_ = kBlockedByEnterprisePolicy;
|
| + return false;
|
| + }
|
| +
|
| // We don't need to prompt the user if the requested permissions are a subset
|
| // of the granted permissions set.
|
| scoped_refptr<const PermissionSet> granted =
|
|
|
Chromium Code Reviews
Issue 595363002:
Add policy controlled permission block list for extensions (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix