Send not granted VM permissions in GetPermissions response

Instead of sending only permissions that have been granted, send also
the ones that have not been granted, but can potentially be granted.
Only suppress permissions completely disabled via either a Chrome
feature flag, or enterprise policy.

Bug: 1071872
Change-Id: I00a9a11b00c908753e9d21d26b646ff204a5f958
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2304990Reviewed-by: Kyle Horimoto <khorimoto@chromium.org>
Commit-Queue: Dmitry Torokhov <dtor@chromium.org>
Cr-Commit-Position: refs/heads/master@{#789811}

chrome/browser/chromeos/dbus/vm/vm_permission_service_provider.cc

@@ -225,7 +225,8 @@ void VmPermissionServiceProvider::SetPermissions(
     return;
   }
 
-  std::set<VmInfo::PermissionType> new_permissions(iter->second->permissions_);
+  base::flat_map<VmInfo::PermissionType, bool> new_permissions(
+      iter->second->permissions_);
   for (const auto& p : request.permissions()) {
     VmInfo::PermissionType kind;
     if (p.kind() == vm_permission_service::Permission::CAMERA) {
@@ -241,11 +242,7 @@ void VmPermissionServiceProvider::SetPermissions(
       return;
     }
 
-    if (p.allowed()) {
-      new_permissions.insert(kind);
-    } else {
-      new_permissions.erase(kind);
-    }
+    new_permissions[kind] = p.allowed();
   }
 
   // Commit final version of permissions.
@@ -293,8 +290,7 @@ void VmPermissionServiceProvider::GetPermissions(
   vm_permission_service::GetPermissionsResponse payload;
   for (auto permission : iter->second->permissions_) {
     auto* p = payload.add_permissions();
-    p->set_allowed(true);
-    switch (permission) {
+    switch (permission.first) {
       case VmInfo::PermissionCamera:
         p->set_kind(vm_permission_service::Permission::CAMERA);
         break;
@@ -302,6 +298,7 @@ void VmPermissionServiceProvider::GetPermissions(
         p->set_kind(vm_permission_service::Permission::MICROPHONE);
         break;
     }
+    p->set_allowed(permission.second);
   }
 
   dbus::MessageWriter writer(response.get());
@@ -332,16 +329,16 @@ void VmPermissionServiceProvider::UpdatePluginVmPermissions(VmInfo* vm) {
       plugin_vm::PluginVmManagerFactory::GetForProfile(profile);
   if (base::FeatureList::IsEnabled(
           chromeos::features::kPluginVmShowCameraPermissions) &&
-      prefs->GetBoolean(prefs::kVideoCaptureAllowed) &&
-      PluginVmManager->GetPermission(plugin_vm::PermissionType::kCamera)) {
-    vm->permissions_.insert(VmInfo::PermissionCamera);
+      prefs->GetBoolean(prefs::kVideoCaptureAllowed)) {
+    vm->permissions_[VmInfo::PermissionCamera] =
+        PluginVmManager->GetPermission(plugin_vm::PermissionType::kCamera);
   }
 
   if (base::FeatureList::IsEnabled(
           chromeos::features::kPluginVmShowMicrophonePermissions) &&
-      prefs->GetBoolean(prefs::kAudioCaptureAllowed) &&
-      PluginVmManager->GetPermission(plugin_vm::PermissionType::kMicrophone)) {
-    vm->permissions_.insert(VmInfo::PermissionMicrophone);
+      prefs->GetBoolean(prefs::kAudioCaptureAllowed)) {
+    vm->permissions_[VmInfo::PermissionMicrophone] =
+        PluginVmManager->GetPermission(plugin_vm::PermissionType::kMicrophone);
   }
 }
 

chrome/browser/chromeos/dbus/vm/vm_permission_service_provider.h

@@ -6,11 +6,11 @@
 #define CHROME_BROWSER_CHROMEOS_DBUS_VM_VM_PERMISSION_SERVICE_PROVIDER_H_
 
 #include <memory>
-#include <set>
 #include <string>
 #include <unordered_map>
 #include <utility>
 
+#include "base/containers/flat_map.h"
 #include "base/macros.h"
 #include "base/memory/weak_ptr.h"
 #include "base/unguessable_token.h"
@@ -111,7 +111,7 @@ class VmPermissionServiceProvider
     const std::string name_;
     const VmType type_;
 
-    std::set<PermissionType> permissions_;
+    base::flat_map<PermissionType, bool> permissions_;
 
     VmInfo(std::string owner_id, std::string name, VmType type);
     ~VmInfo();