Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(2)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/browser/extensions/extension_management_internal.cc

Issue 595363002: Add policy controlled permission block list for extensions (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@ext-fix
Patch Set: fix memory leaks Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/browser/extensions/extension_management_internal.h ('k') | chrome/browser/extensions/extension_management_test_util.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/browser/extensions/extension_management_internal.cc
diff --git a/chrome/browser/extensions/extension_management_internal.cc b/chrome/browser/extensions/extension_management_internal.cc
index 73bd132fbf831a7ee68bcbe04a9957153a721472..ca7c5fb710d264f19ed0e30f8f747b91477dd5e9 100644
--- a/chrome/browser/extensions/extension_management_internal.cc
+++ b/chrome/browser/extensions/extension_management_internal.cc
@@ -67,12 +67,64 @@ bool IndividualSettings::Parse(const base::DictionaryValue* dict,
}
}
+ // Parses the blocked permission settings.
+ const base::ListValue* list_value = nullptr;
+ base::string16 error;
+
+ // If applicable, inherit from global block list and remove all explicitly
+ // allowed permissions.
+ if (scope != SCOPE_DEFAULT &&
+ dict->GetListWithoutPathExpansion(schema_constants::kAllowedPermissions,
+ &list_value)) {
+ // It is assumed that Parse() is already called for SCOPE_DEFAULT and
+ // settings specified for |this| is initialized by copying from default
+ // settings, including the |blocked_permissions| setting here.
+ // That is, |blocked_permissions| should be the default block permissions
+ // list settings here.
+ APIPermissionSet globally_blocked_permissions = blocked_permissions;
+ APIPermissionSet explicitly_allowed_permissions;
+ // Reuses code for parsing API permissions from manifest. But note that we
+ // only support list of strings type.
+ if (!APIPermissionSet::ParseFromJSON(
+ list_value,
+ APIPermissionSet::kDisallowInternalPermissions,
+ &explicitly_allowed_permissions,
+ &error,
+ nullptr)) {
+ // There might be unknown permissions, warn and just ignore them;
+ LOG(WARNING) << error;
+ }
+ APIPermissionSet::Difference(globally_blocked_permissions,
+ explicitly_allowed_permissions,
+ &blocked_permissions);
+ }
+
+ // Then add all newly blocked permissions to the list.
+ if (dict->GetListWithoutPathExpansion(schema_constants::kBlockedPermissions,
+ &list_value)) {
+ // The |blocked_permissions| might be the result of the routines above,
+ // or remains the same as default block permissions settings.
+ APIPermissionSet permissions_to_merge_from = blocked_permissions;
+ APIPermissionSet permissions_parsed;
+ if (!APIPermissionSet::ParseFromJSON(
+ list_value,
+ APIPermissionSet::kDisallowInternalPermissions,
+ &permissions_parsed,
+ &error,
+ nullptr)) {
+ LOG(WARNING) << error;
+ }
+ APIPermissionSet::Union(
+ permissions_to_merge_from, permissions_parsed, &blocked_permissions);
+ }
+
return true;
}
void IndividualSettings::Reset() {
installation_mode = ExtensionManagement::INSTALLATION_ALLOWED;
update_url.clear();
+ blocked_permissions.clear();
}
GlobalSettings::GlobalSettings() {
« no previous file with comments | « chrome/browser/extensions/extension_management_internal.h ('k') | chrome/browser/extensions/extension_management_test_util.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698