Reland: Communicate ExtensionSettings policy to renderers
Origional CL (2499493004) was rolled back by sheriff due to failing MSAN tests.
This initial patchset is a direct patch of 2499493004. Second patchset contains the fix.
-Communicate which hosts are runtime blocked to all renderers
-Blocks host permissions for specific hosts by specific extensions
-Tests via blocking content script injection
-Introduces new test class for use with ExtensionSettings policy
BUG=624649
Review-Url: https://codereview.chromium.org/2833843004
Cr-Commit-Position: refs/heads/master@{#466832}
diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
index b74712c..42205f6 100644
--- a/chrome/browser/extensions/extension_service.cc
+++ b/chrome/browser/extensions/extension_service.cc
@@ -1255,6 +1255,21 @@
extensions::ExtensionManagement* management =
extensions::ExtensionManagementFactory::GetForBrowserContext(profile());
+ extensions::PermissionsUpdater(profile()).SetDefaultPolicyHostRestrictions(
+ management->GetDefaultRuntimeBlockedHosts(),
+ management->GetDefaultRuntimeAllowedHosts());
+ for (const auto& extension : registry_->enabled_extensions()) {
+ bool uses_default =
+ management->UsesDefaultRuntimeHostRestrictions(extension.get());
+ if (uses_default) {
+ extensions::PermissionsUpdater(profile()).SetUsesDefaultHostRestrictions(
+ extension.get());
+ } else {
+ extensions::PermissionsUpdater(profile()).SetPolicyHostRestrictions(
+ extension.get(), management->GetRuntimeBlockedHosts(extension.get()),
+ management->GetRuntimeAllowedHosts(extension.get()));
+ }
+ }
// Loop through the disabled extension list, find extensions to re-enable
// automatically. These extensions are exclusive from the |to_disable| and
