Add policy controlled permission block list for extensions

chrome/browser/extensions/extension_management_test_util.cc

Index: chrome/browser/extensions/extension_management_test_util.cc
diff --git a/chrome/browser/extensions/extension_management_test_util.cc b/chrome/browser/extensions/extension_management_test_util.cc
index e60f9fc22bdad25603b132f790d4663362b6b5be..930208db63c9af092d468dc1ee1dfbb669900303 100644
--- a/chrome/browser/extensions/extension_management_test_util.cc
+++ b/chrome/browser/extensions/extension_management_test_util.cc
@@ -4,7 +4,16 @@
 
 #include "chrome/browser/extensions/extension_management_test_util.h"
 
+#include <string>
+
 #include "components/crx_file/id_util.h"
+#include "components/policy/core/common/configuration_policy_provider.h"
+#include "components/policy/core/common/mock_configuration_policy_provider.h"
+#include "components/policy/core/common/policy_bundle.h"
+#include "components/policy/core/common/policy_map.h"
+#include "components/policy/core/common/policy_namespace.h"
+#include "components/policy/core/common/policy_types.h"
+#include "policy/policy/policy_constants.h"
 
 namespace extensions {
 
@@ -12,13 +21,13 @@ namespace schema = schema_constants;
 
 namespace {
 
+const char kInstallSourcesPath[] = "*.install_sources";
+const char kAllowedTypesPath[] = "*.allowed_types";
+
 std::string make_path(std::string a, std::string b) {
   return a + "." + b;
 }
 
-const char kInstallSourcesPath[] = "*.install_sources";
-const char kAllowedTypesPath[] = "*.allowed_types";
-
 }  // namespace
 
 ExtensionManagementPrefUpdaterBase::ExtensionManagementPrefUpdaterBase() {
@@ -27,6 +36,8 @@ ExtensionManagementPrefUpdaterBase::ExtensionManagementPrefUpdaterBase() {
 ExtensionManagementPrefUpdaterBase::~ExtensionManagementPrefUpdaterBase() {
 }
 
+// Helper functions for per extension settings ---------------------------------
+
 void ExtensionManagementPrefUpdaterBase::UnsetPerExtensionSettings(
     const ExtensionId& id) {
   DCHECK(crx_file::id_util::IdIsValid(id));
@@ -39,6 +50,8 @@ void ExtensionManagementPrefUpdaterBase::ClearPerExtensionSettings(
   pref_->SetWithoutPathExpansion(id, new base::DictionaryValue());
 }
 
+// Helper functions for 'installation_mode' manipulation -----------------------
+
 void ExtensionManagementPrefUpdaterBase::SetBlacklistedByDefault(bool value) {
   pref_->SetString(make_path(schema::kWildcard, schema::kInstallationMode),
                    value ? schema::kBlocked : schema::kAllowed);
@@ -77,6 +90,8 @@ void ExtensionManagementPrefUpdaterBase::SetIndividualExtensionAutoInstalled(
   pref_->SetString(make_path(id, schema::kUpdateUrl), update_url);
 }
 
+// Helper functions for 'install_sources' manipulation -------------------------
+
 void ExtensionManagementPrefUpdaterBase::UnsetInstallSources() {
   pref_->Remove(kInstallSourcesPath, NULL);
 }
@@ -95,6 +110,8 @@ void ExtensionManagementPrefUpdaterBase::RemoveInstallSource(
   RemoveStringFromList(kInstallSourcesPath, install_source);
 }
 
+// Helper functions for 'allowed_types' manipulation ---------------------------
+
 void ExtensionManagementPrefUpdaterBase::UnsetAllowedTypes() {
   pref_->Remove(kAllowedTypesPath, NULL);
 }
@@ -108,10 +125,76 @@ void ExtensionManagementPrefUpdaterBase::AddAllowedType(
   AddStringToList(kAllowedTypesPath, allowed_type);
 }
 
+void ExtensionManagementPrefUpdaterBase::RemoveAllowedType(
+    const std::string& allowed_type) {
+  RemoveStringFromList(kAllowedTypesPath, allowed_type);
+}
+
+// Helper functions for 'blocked_permissions' manipulation ---------------------
+
+void ExtensionManagementPrefUpdaterBase::UnsetBlockedPermissions(
+    const std::string& prefix) {
+  DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
+  pref_->Remove(make_path(prefix, schema::kBlockedPermissions), NULL);
+}
+
+void ExtensionManagementPrefUpdaterBase::ClearBlockedPermissions(
+    const std::string& prefix) {
+  DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
+  ClearList(make_path(prefix, schema::kBlockedPermissions));
+}
+
+void ExtensionManagementPrefUpdaterBase::AddBlockedPermission(
+    const std::string& prefix,
+    const std::string& permission) {
+  DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
+  AddStringToList(make_path(prefix, schema::kBlockedPermissions), permission);
+}
+
+void ExtensionManagementPrefUpdaterBase::RemoveBlockedPermission(
+    const std::string& prefix,
+    const std::string& permission) {
+  DCHECK(prefix == schema::kWildcard || crx_file::id_util::IdIsValid(prefix));
+  RemoveStringFromList(make_path(prefix, schema::kBlockedPermissions),
+                       permission);
+}
+
+// Helper functions for 'allowed_permissions' manipulation ---------------------
+
+void ExtensionManagementPrefUpdaterBase::UnsetAllowedPermissions(
+    const std::string& id) {
+  DCHECK(crx_file::id_util::IdIsValid(id));
+  pref_->Remove(make_path(id, schema::kAllowedPermissions), NULL);
+}
+
+void ExtensionManagementPrefUpdaterBase::ClearAllowedPermissions(
+    const std::string& id) {
+  DCHECK(crx_file::id_util::IdIsValid(id));
+  ClearList(make_path(id, schema::kAllowedPermissions));
+}
+
+void ExtensionManagementPrefUpdaterBase::AddAllowedPermission(
+    const std::string& id,
+    const std::string& permission) {
+  DCHECK(crx_file::id_util::IdIsValid(id));
+  AddStringToList(make_path(id, schema::kAllowedPermissions), permission);
+}
+
+void ExtensionManagementPrefUpdaterBase::RemoveAllowedPermission(
+    const std::string& id,
+    const std::string& permission) {
+  DCHECK(crx_file::id_util::IdIsValid(id));
+  RemoveStringFromList(make_path(id, schema::kAllowedPermissions), permission);
+}
+
+// Expose a read-only preference to user ---------------------------------------
+
 const base::DictionaryValue* ExtensionManagementPrefUpdaterBase::GetPref() {
   return pref_.get();
 }
 
+// Private section functions ---------------------------------------------------
+
 void ExtensionManagementPrefUpdaterBase::SetPref(base::DictionaryValue* pref) {
   pref_.reset(pref);
 }
@@ -121,11 +204,6 @@ ExtensionManagementPrefUpdaterBase::TakePref() {
   return pref_.Pass();
 }
 
-void ExtensionManagementPrefUpdaterBase::RemoveAllowedType(
-    const std::string& allowd_type) {
-  RemoveStringFromList(kAllowedTypesPath, allowd_type);
-}
-
 void ExtensionManagementPrefUpdaterBase::ClearList(const std::string& path) {
   pref_->Set(path, new base::ListValue());
 }
@@ -149,4 +227,29 @@ void ExtensionManagementPrefUpdaterBase::RemoveStringFromList(
     CHECK(list_value->Remove(base::StringValue(str), NULL));
 }
 
+// ExtensionManagementPolicyUpdater --------------------------------------------
+
+ExtensionManagementPolicyUpdater::ExtensionManagementPolicyUpdater(
+    policy::MockConfigurationPolicyProvider* policy_provider)
+    : provider_(policy_provider), policies_(new policy::PolicyBundle) {
+  policies_->CopyFrom(provider_->policies());
+  const base::Value* policy_value =
+      policies_->Get(policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME,
+                                             std::string()))
+          .GetValue(policy::key::kExtensionSettings);
+  const base::DictionaryValue* dict_value = nullptr;
+  if (policy_value && policy_value->GetAsDictionary(&dict_value))
+    SetPref(dict_value->DeepCopy());
+  else
+    SetPref(new base::DictionaryValue);
+}
+
+ExtensionManagementPolicyUpdater::~ExtensionManagementPolicyUpdater() {
+  policies_->Get(policy::PolicyNamespace(policy::POLICY_DOMAIN_CHROME,
+                                         std::string()))
+      .Set(policy::key::kExtensionSettings, policy::POLICY_LEVEL_MANDATORY,
+           policy::POLICY_SCOPE_USER, TakePref().release(), nullptr);
+  provider_->UpdatePolicy(policies_.Pass());
+}
+
 }  // namespace extensions