Extensions: Policy blocked hosts supersede `debugger` permission
Bug: 1139156
Change-Id: Iade012ca814b872d156763b034fbc2be1a647502
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2803843
Commit-Queue: Solomon Kinard <[email protected]>
Reviewed-by: Karan Bhatia <[email protected]>
Reviewed-by: Devlin <[email protected]>
Cr-Commit-Position: refs/heads/master@{#870242}
diff --git a/chrome/browser/extensions/api/debugger/debugger_api.cc b/chrome/browser/extensions/api/debugger/debugger_api.cc
index a0c6dfe6..cfd5e2c 100644
--- a/chrome/browser/extensions/api/debugger/debugger_api.cc
+++ b/chrome/browser/extensions/api/debugger/debugger_api.cc
@@ -105,6 +105,10 @@
if (extension.permissions_data()->IsRestrictedUrl(url, error))
return false;
+ // Policy blocked hosts supersede the `debugger` permission.
+ if (extension.permissions_data()->IsPolicyBlockedHost(url))
+ return false;
+
if (url.SchemeIsFile() && !util::AllowFileAccess(extension.id(), profile)) {
*error = debugger_api_constants::kRestrictedError;
return false;
@@ -470,8 +474,9 @@
ProcessManager::Get(browser_context())
->GetBackgroundHostForExtension(*debuggee_.extension_id);
if (extension_host) {
- if (extension()->permissions_data()->IsRestrictedUrl(
- extension_host->GetLastCommittedURL(), error)) {
+ const GURL& url = extension_host->GetLastCommittedURL();
+ if (extension()->permissions_data()->IsRestrictedUrl(url, error) ||
+ extension()->permissions_data()->IsPolicyBlockedHost(url)) {
return false;
}
agent_host_ =
