[Extensions Click-to-Script] Refactor parsing in permissions API

Refactor the permissions parsing in the chrome.permissions API in order
to separate out requested permissions into different fields, including
required permissions, optional permissions, and permissions that were
not specified in the manifest.

Add more robust testing for the permissions parsing code.

This CL is prework for subsequently adding support for requesting
withheld content script permissions through the permissions API. There
should be no behavior change as a result of this CL.

Bug: 889654
Change-Id: I22c1e057ccb259b4fcff4051923fc9c1128c8213
Reviewed-on: https://chromium-review.googlesource.com/c/1347310
Commit-Queue: Devlin <rdevlin.cronin@chromium.org>
Reviewed-by: Karan Bhatia <karandeepb@chromium.org>
Cr-Commit-Position: refs/heads/master@{#611846}

chrome/browser/extensions/api/permissions/permissions_api_helpers.h

@@ -9,6 +9,8 @@
 #include <string>
 
 #include "base/memory/ref_counted.h"
+#include "extensions/common/permissions/api_permission_set.h"
+#include "extensions/common/url_pattern_set.h"
 
 namespace extensions {
 
@@ -26,10 +28,43 @@ namespace permissions_api_helpers {
 std::unique_ptr<api::permissions::Permissions> PackPermissionSet(
     const PermissionSet& set);
 
-// Creates a permission set from |permissions|. Returns NULL if the permissions
-// cannot be converted to a permission set, in which case |error| will be set.
-std::unique_ptr<const PermissionSet> UnpackPermissionSet(
-    const api::permissions::Permissions& permissions,
+// The result of unpacking the API permissions object.
+struct UnpackPermissionSetResult {
+  UnpackPermissionSetResult();
+  ~UnpackPermissionSetResult();
+
+  // API permissions that are in the extension's "required" permission set.
+  APIPermissionSet required_apis;
+  // Explicit hosts that are in the extension's "required" permission set.
+  URLPatternSet required_explicit_hosts;
+  // TODO(devlin): Add scriptable host support.
+  // https://crbug.com/889654.
+
+  // API permissions that are in the extension's "optional" permission set.
+  APIPermissionSet optional_apis;
+  // API permissions that are in the extension's "optional" permission set,
+  // but don't support the optional permissions API.
+  APIPermissionSet unsupported_optional_apis;
+  // Explicit hosts that are in the extension's "optional" permission set.
+  URLPatternSet optional_explicit_hosts;
+
+  // API permissions that were not listed in the extension's permissions.
+  APIPermissionSet unlisted_apis;
+  // Host permissions that were not listed in the extension's permissions.
+  URLPatternSet unlisted_hosts;
+};
+
+// Parses the |permissions_input| object, and partitions permissions into the
+// result. |required_permissions| and |optional_permissions| are the required
+// and optional permissions specified in the extension's manifest, used for
+// separating permissions. |allow_file_access| is used to determine whether the
+// file:-scheme is valid for host permissions. If an error is detected (e.g.,
+// an unknown API permission, invalid URL pattern, or API that doesn't support
+// being optional), |error| is populated and null is returned.
+std::unique_ptr<UnpackPermissionSetResult> UnpackPermissionSet(
+    const api::permissions::Permissions& permissions_input,
+    const PermissionSet& required_permissions,
+    const PermissionSet& optional_permissions,
     bool allow_file_access,
     std::string* error);
 

chrome/test/data/extensions/api_test/permissions/optional/background.js

@@ -16,7 +16,7 @@ var NOT_OPTIONAL_ERROR =
 var REQUIRED_ERROR =
     "You cannot remove required permissions.";
 
-var NOT_WHITE_LISTED_ERROR =
+var NOT_ALLOWLISTED_ERROR =
     "The optional permissions API does not support '*'.";
 
 var UNKNOWN_PERMISSIONS_ERROR =
@@ -204,13 +204,14 @@ chrome.test.getConfig(function(config) {
       }));
     },
 
-    // Make sure you can only access the white listed permissions.
-    function whitelist() {
-      var error_msg = NOT_WHITE_LISTED_ERROR.replace('*', 'cloudPrintPrivate');
+    // Make sure you can only access the allowlisted permissions.
+    function allowlist() {
+      const kPermission = 'fontSettings';
+      var error_msg = NOT_ALLOWLISTED_ERROR.replace('*', kPermission);
       chrome.permissions.request(
-          {permissions: ['cloudPrintPrivate']}, fail(error_msg));
+          {permissions: [kPermission]}, fail(error_msg));
       chrome.permissions.remove(
-          {permissions: ['cloudPrintPrivate']}, fail(error_msg));
+          {permissions: [kPermission]}, fail(error_msg));
     },
 
     function unknownPermission() {

chrome/test/data/extensions/api_test/permissions/optional/manifest.json

@@ -15,6 +15,7 @@
      "bookmarks",
      "cookies",
      "background",
+     "fontSettings",
      "http://*.c.com/*"
    ]
 }