Add policy controlled permission block list for extensions
This CL adds a permissions block list for extensions. Currently only simple API permissions are supported, and the block list applies to both the required and the optional permissions of extensions.
BUG=177351
Review URL: https://codereview.chromium.org/595363002
Cr-Commit-Position: refs/heads/master@{#302211}
diff --git a/chrome/browser/extensions/extension_service.cc b/chrome/browser/extensions/extension_service.cc
index 7636dfe7..76ac9a2 100644
--- a/chrome/browser/extensions/extension_service.cc
+++ b/chrome/browser/extensions/extension_service.cc
@@ -1709,6 +1709,23 @@
void ExtensionService::OnExtensionManagementSettingsChanged() {
error_controller_->ShowErrorIfNeeded();
+
+ // Revokes blocked permissions from active_permissions for all extensions.
+ extensions::ExtensionManagement* settings =
+ extensions::ExtensionManagementFactory::GetForBrowserContext(profile());
+ CHECK(settings);
+ scoped_ptr<ExtensionSet> all_extensions(
+ registry_->GenerateInstalledExtensionsSet());
+ for (const auto& extension : *all_extensions.get()) {
+ if (!settings->IsPermissionSetAllowed(
+ extension->id(),
+ extension->permissions_data()->active_permissions())) {
+ extensions::PermissionsUpdater(profile()).RemovePermissions(
+ extension.get(),
+ settings->GetBlockedPermissions(extension->id()).get());
+ }
+ }
+
CheckManagementPolicy();
}
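Review bot: The revocation loop in OnExtensionManagementSettingsChanged() only inspects and trims `active_permissions()`, and it runs only when the management settings change. An extension that is installed, updated, loaded at startup, or that later requests an optional permission must therefore be checked against the block list on some other path, and nothing in this hunk shows that. Whether `RemovePermissions()` also drops the blocked permissions from the stored granted set is not visible here either; if it does not, a blocked permission may be re-activated without a policy check. I would replace the comment above the loop with one that states the scope, for example `// Revokes policy-blocked permissions from active_permissions only; install, update and optional-permission grants must enforce the block list on their own paths.`, and confirm that those paths are covered by tests.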