commit e9221878148b4ddc62217ad65e5318da061f1247
author Tim Judkins <tjudkins@chromium.org> Sat Jan 25 01:37:53 2020
committer Commit Bot <commit-bot@chromium.org> Sat Jan 25 01:37:53 2020
tree fdac89b1a4d2dc4329d5e9d07b974f10652658c6
parent e998677285eb212c70fda7ed9c3d22931a478f8e

[Extensions] Add UI to install prompt to allow withholding permissions.

This change adds a checkbox UI element to the extension installation
prompt if the feature is enabled. If checked during installation of a
local crx file, all requested host permissions for the extension will
be withheld by default.

The checkbox will also show up on other install prompts with this change
(such as the webstore install prompt), but support for it triggering
permissions to be withheld will be added in a followup CL.

Bug: 984069
Change-Id: I42072d03341fbd9424e1934e71ebf641c1a3165e
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1983265
Commit-Queue: Tim Judkins <tjudkins@chromium.org>
Reviewed-by: Devlin <rdevlin.cronin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#735194}

chrome/browser/extensions/extension_install_prompt.cc

diff --git a/chrome/browser/extensions/extension_install_prompt.cc b/chrome/browser/extensions/extension_install_prompt.cc
index 401ec90..b03355f 100644
--- a/chrome/browser/extensions/extension_install_prompt.cc
+++ b/chrome/browser/extensions/extension_install_prompt.cc
@@ -29,6 +29,7 @@
 #include "extensions/browser/image_loader.h"
 #include "extensions/browser/install/extension_install_ui.h"
 #include "extensions/common/extension.h"
+#include "extensions/common/extension_features.h"
 #include "extensions/common/extension_icon_set.h"
 #include "extensions/common/extension_resource.h"
 #include "extensions/common/feature_switch.h"
@@ -77,6 +78,7 @@
 
 ExtensionInstallPrompt::Prompt::Prompt(PromptType type)
     : type_(type),
+      is_requesting_host_permissions_(false),
       is_showing_details_for_retained_files_(false),
       is_showing_details_for_retained_devices_(false),
       extension_(nullptr),
@@ -96,6 +98,9 @@
   Manifest::Type type =
       extension_ ? extension_->GetType() : Manifest::TYPE_UNKNOWN;
   prompt_permissions_.LoadFromPermissionSet(&permissions, type);
+  if (!permissions.effective_hosts().is_empty()) {
+    is_requesting_host_permissions_ = true;
+  }
 }
 
 void ExtensionInstallPrompt::Prompt::AddPermissionMessages(
@@ -426,6 +431,14 @@
   return !retained_files_.empty();
 }
 
+bool ExtensionInstallPrompt::Prompt::ShouldDisplayWithholdingUI() const {
+  return base::FeatureList::IsEnabled(
+             extensions_features::
+                 kAllowWithholdingExtensionPermissionsOnInstall) &&
+         extensions::util::CanWithholdPermissionsFromExtension(*extension_) &&
+         is_requesting_host_permissions_ && type_ == INSTALL_PROMPT;
+}
+
 // static
 ExtensionInstallPrompt::PromptType
 ExtensionInstallPrompt::GetReEnablePromptTypeForExtension(
@@ -645,11 +658,17 @@
     // the real implementations it's highly likely the message loop will be
     // pumping a few times before the user clicks accept or cancel.
     case extensions::ScopedTestDialogAutoConfirm::ACCEPT:
-    case extensions::ScopedTestDialogAutoConfirm::ACCEPT_AND_OPTION:
       base::ThreadTaskRunnerHandle::Get()->PostTask(
           FROM_HERE, base::BindOnce(std::move(done_callback_),
                                     ExtensionInstallPrompt::Result::ACCEPTED));
       return true;
+    case extensions::ScopedTestDialogAutoConfirm::ACCEPT_AND_OPTION:
+      base::ThreadTaskRunnerHandle::Get()->PostTask(
+          FROM_HERE,
+          base::BindOnce(
+              std::move(done_callback_),
+              ExtensionInstallPrompt::Result::ACCEPTED_AND_OPTION_CHECKED));
+      return true;
     case extensions::ScopedTestDialogAutoConfirm::CANCEL:
       base::ThreadTaskRunnerHandle::Get()->PostTask(
           FROM_HERE,