Separate PermissionsData::CanExecuteScriptOnPage into two functions

CanExecuteScriptOnPage is currently being used for both content script
permissions and generic access (tabs api, etc).  Instead, since these have
two purposes, there should be two functions.

BUG=379356

Review URL: https://codereview.chromium.org/321533003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@275568 0039d316-1c4b-4281-b951-d872f2087c98

chrome/browser/extensions/active_tab_unittest.cc

@@ -108,8 +108,8 @@ class ActiveTabTest : public ChromeRenderViewHostTestHarness {
                  PermittedFeature feature,
                  int tab_id) {
     const PermissionsData* permissions_data = extension->permissions_data();
-    bool script = permissions_data->CanExecuteScriptOnPage(
-        extension, url, url, tab_id, NULL, -1, NULL);
+    bool script =
+        permissions_data->CanAccessPage(extension, url, url, tab_id, -1, NULL);
     bool capture = HasTabsPermission(extension, tab_id) &&
                    permissions_data->CanCaptureVisiblePage(tab_id, NULL);
     switch (feature) {

chrome/browser/extensions/api/automation_internal/automation_internal_api.cc

@@ -59,8 +59,8 @@ bool CanRequestAutomation(const Extension* extension,
   content::RenderProcessHost* process = contents->GetRenderProcessHost();
   int process_id = process ? process->GetID() : -1;
   std::string unused_error;
-  return extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, url, url, tab_id, NULL, process_id, &unused_error);
+  return extension->permissions_data()->CanAccessPage(
+      extension, url, url, tab_id, process_id, &unused_error);
 }
 
 // Helper class that receives accessibility data from |WebContents|.

chrome/browser/extensions/api/tabs/tabs_api.cc

@@ -1178,12 +1178,11 @@ bool TabsUpdateFunction::UpdateURL(const std::string &url_string,
   // we need to check host permissions before allowing them.
   if (url.SchemeIs(url::kJavaScriptScheme)) {
     content::RenderProcessHost* process = web_contents_->GetRenderProcessHost();
-    if (!GetExtension()->permissions_data()->CanExecuteScriptOnPage(
+    if (!GetExtension()->permissions_data()->CanAccessPage(
             GetExtension(),
             web_contents_->GetURL(),
             web_contents_->GetURL(),
             tab_id,
-            NULL,
             process ? process->GetID() : -1,
             &error_)) {
       return false;
@@ -1656,12 +1655,11 @@ bool ExecuteCodeInTabFunction::CanExecuteScriptOnPage() {
   // NOTE: This can give the wrong answer due to race conditions, but it is OK,
   // we check again in the renderer.
   content::RenderProcessHost* process = contents->GetRenderProcessHost();
-  if (!GetExtension()->permissions_data()->CanExecuteScriptOnPage(
+  if (!GetExtension()->permissions_data()->CanAccessPage(
           GetExtension(),
           contents->GetURL(),
           contents->GetURL(),
           execute_tab_id_,
-          NULL,
           process ? process->GetID() : -1,
           &error_)) {
     return false;

chrome/browser/extensions/api/web_request/web_request_permissions.cc

@@ -26,7 +26,7 @@ namespace {
 // to check for updates, extension blacklisting, etc.
 bool IsSensitiveURL(const GURL& url) {
   // TODO(battre) Merge this, CanExtensionAccessURL and
-  // PermissionsData::CanExecuteScriptOnPage into one function.
+  // PermissionsData::CanAccessPage into one function.
   bool sensitive_chrome_url = false;
   const std::string host = url.host();
   const char kGoogleCom[] = ".google.com";

chrome/browser/extensions/browser_permissions_policy_delegate.cc

@@ -31,7 +31,6 @@ bool BrowserPermissionsPolicyDelegate::CanExecuteScriptOnPage(
     const GURL& document_url,
     const GURL& top_document_url,
     int tab_id,
-    const UserScript* script,
     int process_id,
     std::string* error) {
   DCHECK_CURRENTLY_ON(content::BrowserThread::UI);

chrome/browser/extensions/browser_permissions_policy_delegate.h

@@ -20,7 +20,6 @@ class BrowserPermissionsPolicyDelegate
                                       const GURL& document_url,
                                       const GURL& top_document_url,
                                       int tab_id,
-                                      const UserScript* script,
                                       int process_id,
                                       std::string* error) OVERRIDE;
 

chrome/browser/extensions/browser_permissions_policy_delegate_unittest.cc

@@ -75,21 +75,19 @@ TEST_F(BrowserPermissionsPolicyDelegateTest, CanExecuteScriptOnPage) {
   // The same call should succeed with a normal process, but fail with a signin
   // process.
   const PermissionsData* permissions_data = extension->permissions_data();
-  EXPECT_TRUE(permissions_data->CanExecuteScriptOnPage(extension,
-                                                       kSigninUrl,
-                                                       kSigninUrl,
-                                                       -1,
-                                                       NULL,
-                                                       normal_process.GetID(),
-                                                       &error))
+  EXPECT_TRUE(permissions_data->CanAccessPage(extension,
+                                              kSigninUrl,
+                                              kSigninUrl,
+                                              -1,  // no tab id.
+                                              normal_process.GetID(),
+                                              &error))
       << error;
-  EXPECT_FALSE(permissions_data->CanExecuteScriptOnPage(extension,
-                                                        kSigninUrl,
-                                                        kSigninUrl,
-                                                        -1,
-                                                        NULL,
-                                                        signin_process.GetID(),
-                                                        &error))
+  EXPECT_FALSE(permissions_data->CanAccessPage(extension,
+                                               kSigninUrl,
+                                               kSigninUrl,
+                                               -1,  // no tab id.
+                                               signin_process.GetID(),
+                                               &error))
       << error;
 }
 #endif

chrome/common/extensions/extension_unittest.cc

@@ -236,106 +236,70 @@ TEST(ExtensionTest, WantsFileAccess) {
   // <all_urls> permission
   extension = LoadManifest("permissions", "permissions_all_urls.json");
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, file_url, file_url, -1, NULL, -1, NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanAccessPage(
+      extension, file_url, file_url, -1, -1, NULL));
   extension = LoadManifest(
       "permissions", "permissions_all_urls.json", Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, file_url, file_url, -1, NULL, -1, NULL));
+  EXPECT_TRUE(extension->permissions_data()->CanAccessPage(
+      extension, file_url, file_url, -1, -1, NULL));
 
   // file:///* permission
   extension = LoadManifest("permissions", "permissions_file_scheme.json");
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, file_url, file_url, -1, NULL, -1, NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanAccessPage(
+      extension, file_url, file_url, -1, -1, NULL));
   extension = LoadManifest("permissions",
                            "permissions_file_scheme.json",
                            Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, file_url, file_url, -1, NULL, -1, NULL));
+  EXPECT_TRUE(extension->permissions_data()->CanAccessPage(
+      extension, file_url, file_url, -1, -1, NULL));
 
   // http://* permission
   extension = LoadManifest("permissions", "permissions_http_scheme.json");
   EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, file_url, file_url, -1, NULL, -1, NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanAccessPage(
+      extension, file_url, file_url, -1, -1, NULL));
   extension = LoadManifest("permissions",
                            "permissions_http_scheme.json",
                            Extension::ALLOW_FILE_ACCESS);
   EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, file_url, file_url, -1, NULL, -1, NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanAccessPage(
+      extension, file_url, file_url, -1, -1, NULL));
 
   // <all_urls> content script match
   extension = LoadManifest("permissions", "content_script_all_urls.json");
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension,
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension.get())[0],
-      -1,
-      NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanRunContentScriptOnPage(
+      extension, file_url, file_url, -1, -1, NULL));
   extension = LoadManifest("permissions", "content_script_all_urls.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension,
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      -1,
-      NULL));
+  EXPECT_TRUE(extension->permissions_data()->CanRunContentScriptOnPage(
+      extension, file_url, file_url, -1, -1, NULL));
 
   // file:///* content script match
   extension = LoadManifest("permissions", "content_script_file_scheme.json");
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension,
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      -1,
-      NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanRunContentScriptOnPage(
+      extension, file_url, file_url, -1, -1, NULL));
   extension = LoadManifest("permissions", "content_script_file_scheme.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_TRUE(extension->wants_file_access());
-  EXPECT_TRUE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension,
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      -1,
-      NULL));
+  EXPECT_TRUE(extension->permissions_data()->CanRunContentScriptOnPage(
+      extension, file_url, file_url, -1, -1, NULL));
 
   // http://* content script match
   extension = LoadManifest("permissions", "content_script_http_scheme.json");
   EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension,
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      -1,
-      NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanRunContentScriptOnPage(
+      extension, file_url, file_url, -1, -1, NULL));
   extension = LoadManifest("permissions", "content_script_http_scheme.json",
       Extension::ALLOW_FILE_ACCESS);
   EXPECT_FALSE(extension->wants_file_access());
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension,
-      file_url,
-      file_url,
-      -1,
-      &ContentScriptsInfo::GetContentScripts(extension)[0],
-      -1,
-      NULL));
+  EXPECT_FALSE(extension->permissions_data()->CanRunContentScriptOnPage(
+      extension, file_url, file_url, -1, -1, NULL));
 }
 
 TEST(ExtensionTest, ExtraFlags) {

chrome/common/extensions/manifest_tests/extension_manifests_chromepermission_unittest.cc

@@ -34,8 +34,8 @@ TEST_F(ExtensionManifestTest, ChromeURLPermissionAllowedWithFlag) {
     LoadAndExpectSuccess("permission_chrome_url_invalid.json");
   EXPECT_EQ("", error);
   const GURL newtab_url(chrome::kChromeUINewTabURL);
-  EXPECT_TRUE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, newtab_url, newtab_url, 0, NULL, -1, &error))
+  EXPECT_TRUE(extension->permissions_data()->CanAccessPage(
+      extension, newtab_url, newtab_url, 0, -1, &error))
       << error;
 }
 

chrome/renderer/extensions/renderer_permissions_policy_delegate.cc

@@ -29,7 +29,6 @@ bool RendererPermissionsPolicyDelegate::CanExecuteScriptOnPage(
     const GURL& document_url,
     const GURL& top_document_url,
     int tab_id,
-    const UserScript* script,
     int process_id,
     std::string* error) {
   const ExtensionsClient::ScriptingWhitelist& whitelist =

chrome/renderer/extensions/renderer_permissions_policy_delegate.h

@@ -22,7 +22,6 @@ class RendererPermissionsPolicyDelegate
                                       const GURL& document_url,
                                       const GURL& top_document_url,
                                       int tab_id,
-                                      const UserScript* script,
                                       int process_id,
                                       std::string* error) OVERRIDE;
 

chrome/renderer/extensions/renderer_permissions_policy_delegate_unittest.cc

@@ -60,7 +60,7 @@ scoped_refptr<const Extension> CreateTestExtension(const std::string& id) {
 
 }  // namespace
 
-// Tests that CanExecuteScriptOnPage returns false for the signin process,
+// Tests that CanAccessPage returns false for the signin process,
 // all else being equal.
 TEST_F(RendererPermissionsPolicyDelegateTest, CannotScriptSigninProcess) {
   GURL kSigninUrl(
@@ -68,26 +68,26 @@ TEST_F(RendererPermissionsPolicyDelegateTest, CannotScriptSigninProcess) {
   scoped_refptr<const Extension> extension(CreateTestExtension("a"));
   std::string error;
 
-  EXPECT_TRUE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, kSigninUrl, kSigninUrl, -1, NULL, -1, &error))
+  EXPECT_TRUE(extension->permissions_data()->CanAccessPage(
+      extension, kSigninUrl, kSigninUrl, -1, -1, &error))
       << error;
   // Pretend we are in the signin process. We should not be able to execute
   // script.
   CommandLine::ForCurrentProcess()->AppendSwitch(switches::kSigninProcess);
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, kSigninUrl, kSigninUrl, -1, NULL, -1, &error))
+  EXPECT_FALSE(extension->permissions_data()->CanAccessPage(
+      extension, kSigninUrl, kSigninUrl, -1, -1, &error))
       << error;
 }
 
-// Tests that CanExecuteScriptOnPage returns false for the any process
+// Tests that CanAccessPage returns false for the any process
 // which hosts the webstore.
 TEST_F(RendererPermissionsPolicyDelegateTest, CannotScriptWebstore) {
   GURL kAnyUrl("http://example.com/");
   scoped_refptr<const Extension> extension(CreateTestExtension("a"));
   std::string error;
 
-  EXPECT_TRUE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, kAnyUrl, kAnyUrl, -1, NULL, -1, &error))
+  EXPECT_TRUE(extension->permissions_data()->CanAccessPage(
+      extension, kAnyUrl, kAnyUrl, -1, -1, &error))
       << error;
 
   // Pretend we are in the webstore process. We should not be able to execute
@@ -96,8 +96,8 @@ TEST_F(RendererPermissionsPolicyDelegateTest, CannotScriptWebstore) {
       CreateTestExtension(extension_misc::kWebStoreAppId));
   extension_dispatcher_->OnLoadedInternal(webstore_extension);
   extension_dispatcher_->OnActivateExtension(extension_misc::kWebStoreAppId);
-  EXPECT_FALSE(extension->permissions_data()->CanExecuteScriptOnPage(
-      extension, kAnyUrl, kAnyUrl, -1, NULL, -1, &error))
+  EXPECT_FALSE(extension->permissions_data()->CanAccessPage(
+      extension, kAnyUrl, kAnyUrl, -1, -1, &error))
       << error;
 }
 

extensions/common/permissions/permissions_data.cc

@@ -161,69 +161,34 @@ PermissionsData::GetPermissionMessageDetailsStrings() const {
       active_permissions(), manifest_type_);
 }
 
-bool PermissionsData::CanExecuteScriptOnPage(const Extension* extension,
-                                             const GURL& document_url,
-                                             const GURL& top_frame_url,
-                                             int tab_id,
-                                             const UserScript* script,
-                                             int process_id,
-                                             std::string* error) const {
-  if (g_policy_delegate &&
-      !g_policy_delegate->CanExecuteScriptOnPage(extension,
-                                                 document_url,
-                                                 top_frame_url,
-                                                 tab_id,
-                                                 script,
-                                                 process_id,
-                                                 error)) {
-    return false;
-  }
-
-  bool can_execute_everywhere = CanExecuteScriptEverywhere(extension);
-  if (!can_execute_everywhere &&
-      !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) {
-    return false;
-  }
-
-  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
-          switches::kExtensionsOnChromeURLs)) {
-    if (document_url.SchemeIs(content::kChromeUIScheme) &&
-        !can_execute_everywhere) {
-      if (error)
-        *error = manifest_errors::kCannotAccessChromeUrl;
-      return false;
-    }
-  }
-
-  if (top_frame_url.SchemeIs(kExtensionScheme) &&
-      top_frame_url.GetOrigin() !=
-          Extension::GetBaseURLFromExtensionId(extension->id()).GetOrigin() &&
-      !can_execute_everywhere) {
-    if (error)
-      *error = manifest_errors::kCannotAccessExtensionUrl;
-    return false;
-  }
-
-  if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url))
-    return true;
-
-  bool can_access = false;
-
-  if (script) {
-    // If a script is specified, use its matches.
-    can_access = script->MatchesURL(document_url);
-  } else {
-    // Otherwise, see if this extension has permission to execute script
-    // programmatically on pages.
-    can_access = active_permissions()->HasExplicitAccessToOrigin(document_url);
-  }
-
-  if (!can_access && error) {
-    *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage,
-                                            document_url.spec());
-  }
+bool PermissionsData::CanAccessPage(const Extension* extension,
+                                    const GURL& document_url,
+                                    const GURL& top_frame_url,
+                                    int tab_id,
+                                    int process_id,
+                                    std::string* error) const {
+  return CanRunOnPage(extension,
+                      document_url,
+                      top_frame_url,
+                      tab_id,
+                      process_id,
+                      active_permissions()->explicit_hosts(),
+                      error);
+}
 
-  return can_access;
+bool PermissionsData::CanRunContentScriptOnPage(const Extension* extension,
+                                                const GURL& document_url,
+                                                const GURL& top_frame_url,
+                                                int tab_id,
+                                                int process_id,
+                                                std::string* error) const {
+  return CanRunOnPage(extension,
+                      document_url,
+                      top_frame_url,
+                      tab_id,
+                      process_id,
+                      active_permissions()->scriptable_hosts(),
+                      error);
 }
 
 bool PermissionsData::CanCaptureVisiblePage(int tab_id,
@@ -305,4 +270,55 @@ bool PermissionsData::HasTabSpecificPermissionToExecuteScript(
   return false;
 }
 
+bool PermissionsData::CanRunOnPage(const Extension* extension,
+                                   const GURL& document_url,
+                                   const GURL& top_frame_url,
+                                   int tab_id,
+                                   int process_id,
+                                   const URLPatternSet& permitted_url_patterns,
+                                   std::string* error) const {
+  if (g_policy_delegate &&
+      !g_policy_delegate->CanExecuteScriptOnPage(
+          extension, document_url, top_frame_url, tab_id, process_id, error)) {
+    return false;
+  }
+
+  bool can_execute_everywhere = CanExecuteScriptEverywhere(extension);
+  if (!can_execute_everywhere &&
+      !ExtensionsClient::Get()->IsScriptableURL(document_url, error)) {
+    return false;
+  }
+
+  if (!base::CommandLine::ForCurrentProcess()->HasSwitch(
+          switches::kExtensionsOnChromeURLs)) {
+    if (document_url.SchemeIs(content::kChromeUIScheme) &&
+        !can_execute_everywhere) {
+      if (error)
+        *error = manifest_errors::kCannotAccessChromeUrl;
+      return false;
+    }
+  }
+
+  if (top_frame_url.SchemeIs(kExtensionScheme) &&
+      top_frame_url.GetOrigin() !=
+          Extension::GetBaseURLFromExtensionId(extension->id()).GetOrigin() &&
+      !can_execute_everywhere) {
+    if (error)
+      *error = manifest_errors::kCannotAccessExtensionUrl;
+    return false;
+  }
+
+  if (HasTabSpecificPermissionToExecuteScript(tab_id, top_frame_url))
+    return true;
+
+  bool can_access = permitted_url_patterns.MatchesURL(document_url);
+
+  if (!can_access && error) {
+    *error = ErrorUtils::FormatErrorMessage(manifest_errors::kCannotAccessPage,
+                                            document_url.spec());
+  }
+
+  return can_access;
+}
+
 }  // namespace extensions

extensions/common/permissions/permissions_data.h

@@ -47,7 +47,6 @@ class PermissionsData {
                                         const GURL& document_url,
                                         const GURL& top_document_url,
                                         int tab_id,
-                                        const UserScript* script,
                                         int process_id,
                                         std::string* error) = 0;
   };
@@ -125,20 +124,30 @@ class PermissionsData {
   // display at install time as strings.
   std::vector<base::string16> GetPermissionMessageDetailsStrings() const;
 
-  // Returns true if the given |extension| can execute script on a page. If a
-  // UserScript object is passed, permission to run that specific script is
-  // checked (using its matches list). Otherwise, permission to execute script
-  // programmatically is checked (using the extension's host permission).
-  //
-  // This method is also aware of certain special pages that extensions are
-  // usually not allowed to run script on.
-  bool CanExecuteScriptOnPage(const Extension* extension,
-                              const GURL& document_url,
-                              const GURL& top_document_url,
-                              int tab_id,
-                              const UserScript* script,
-                              int process_id,
-                              std::string* error) const;
+  // Returns true if the |extension| has permission to access and interact with
+  // the specified page, in order to do things like inject scripts or modify
+  // the content.
+  // If this returns false and |error| is non-NULL, |error| will be popualted
+  // with the reason the extension cannot access the page.
+  bool CanAccessPage(const Extension* extension,
+                     const GURL& document_url,
+                     const GURL& top_document_url,
+                     int tab_id,
+                     int process_id,
+                     std::string* error) const;
+
+  // Returns true if the |extension| has permission to inject a content script
+  // on the page.
+  // If this returns false and |error| is non-NULL, |error| will be popualted
+  // with the reason the extension cannot script the page.
+  // NOTE: You almost certainly want to use CanAccessPage() instead of this
+  // method.
+  bool CanRunContentScriptOnPage(const Extension* extension,
+                                 const GURL& document_url,
+                                 const GURL& top_document_url,
+                                 int tab_id,
+                                 int process_id,
+                                 std::string* error) const;
 
   // Returns true if extension is allowed to obtain the contents of a page as
   // an image. Since a page may contain sensitive information, this is
@@ -181,6 +190,17 @@ class PermissionsData {
   bool HasTabSpecificPermissionToExecuteScript(int tab_id,
                                                const GURL& url) const;
 
+  // Returns true if the extension is permitted to run on the given page,
+  // checking against |permitted_url_patterns| in addition to blocking special
+  // sites (like the webstore or chrome:// urls).
+  bool CanRunOnPage(const Extension* extension,
+                    const GURL& document_url,
+                    const GURL& top_document_url,
+                    int tab_id,
+                    int process_id,
+                    const URLPatternSet& permitted_url_patterns,
+                    std::string* error) const;
+
   // The associated extension's id.
   std::string extension_id_;
 

extensions/common/permissions/permissions_data_unittest.cc

@@ -314,7 +314,7 @@ TEST(ExtensionPermissionsTest, GetPermissionMessages_Plugins) {
 #endif
 }
 
-// Base class for testing the CanExecuteScriptOnPage and CanCaptureVisiblePage
+// Base class for testing the CanAccessPage and CanCaptureVisiblePage
 // methods of Extension for extensions with various permissions.
 class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
  protected:
@@ -348,14 +348,14 @@ class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
 
   bool AllowedScript(const Extension* extension, const GURL& url,
                      const GURL& top_url, int tab_id) {
-    return extension->permissions_data()->CanExecuteScriptOnPage(
-        extension, url, top_url, tab_id, NULL, -1, NULL);
+    return extension->permissions_data()->CanAccessPage(
+        extension, url, top_url, tab_id, -1, NULL);
   }
 
   bool BlockedScript(const Extension* extension, const GURL& url,
                      const GURL& top_url) {
-    return !extension->permissions_data()->CanExecuteScriptOnPage(
-        extension, url, top_url, -1, NULL, -1, NULL);
+    return !extension->permissions_data()->CanAccessPage(
+        extension, url, top_url, -1, -1, NULL);
   }
 
   bool Allowed(const Extension* extension, const GURL& url) {
@@ -363,8 +363,8 @@ class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
   }
 
   bool Allowed(const Extension* extension, const GURL& url, int tab_id) {
-    return (extension->permissions_data()->CanExecuteScriptOnPage(
-                extension, url, url, tab_id, NULL, -1, NULL) &&
+    return (extension->permissions_data()->CanAccessPage(
+                extension, url, url, tab_id, -1, NULL) &&
             extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL));
   }
 
@@ -373,8 +373,8 @@ class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
   }
 
   bool CaptureOnly(const Extension* extension, const GURL& url, int tab_id) {
-    return !extension->permissions_data()->CanExecuteScriptOnPage(
-               extension, url, url, tab_id, NULL, -1, NULL) &&
+    return !extension->permissions_data()->CanAccessPage(
+               extension, url, url, tab_id, -1, NULL) &&
            extension->permissions_data()->CanCaptureVisiblePage(tab_id, NULL);
   }
 
@@ -394,8 +394,8 @@ class ExtensionScriptAndCaptureVisibleTest : public testing::Test {
   }
 
   bool Blocked(const Extension* extension, const GURL& url, int tab_id) {
-    return !(extension->permissions_data()->CanExecuteScriptOnPage(
-                 extension, url, url, tab_id, NULL, -1, NULL) ||
+    return !(extension->permissions_data()->CanAccessPage(
+                 extension, url, url, tab_id, -1, NULL) ||
              extension->permissions_data()->CanCaptureVisiblePage(tab_id,
                                                                   NULL));
   }

extensions/renderer/script_injection.cc

@@ -254,12 +254,14 @@ bool ScriptInjection::WantsToRun(blink::WebFrame* frame,
   GURL effective_document_url = ScriptContext::GetEffectiveDocumentURL(
       frame, document_url, script_->match_about_blank());
 
-  if (!extension->permissions_data()->CanExecuteScriptOnPage(
+  if (!script_->MatchesURL(effective_document_url))
+    return false;
+
+  if (!extension->permissions_data()->CanRunContentScriptOnPage(
           extension,
           effective_document_url,
           frame->top()->document().url(),
           kNoTabId,
-          script_.get(),
           kNoProcessId,
           NULL /* ignore error */)) {
     return false;

extensions/renderer/user_script_scheduler.cc

@@ -192,14 +192,12 @@ void UserScriptScheduler::ExecuteCodeImpl(
     GURL document_url = ScriptContext::GetEffectiveDocumentURL(
         child_frame, child_frame->document().url(), params.match_about_blank);
     bool can_execute_script =
-        extension->permissions_data()->CanExecuteScriptOnPage(
-            extension,
-            document_url,
-            top_url,
-            extension_helper->tab_id(),
-            NULL,
-            -1,
-            NULL);
+        extension->permissions_data()->CanAccessPage(extension,
+                                                     document_url,
+                                                     top_url,
+                                                     extension_helper->tab_id(),
+                                                     -1,     // no process ID.
+                                                     NULL);  // ignore error.
     if ((!params.is_web_view && !can_execute_script) ||
         (params.is_web_view && document_url != params.webview_src)) {
       if (child_frame->parent()) {