chrome.identity API: Restrict gaia ID access

This restricts the availability of obfuscated GAIA ID
info (from chrome.identity.getProfileUserInfo) to apps
which specify the identity.email manifest permission.

BUG=415641

Review URL: https://codereview.chromium.org/784283006

Cr-Commit-Position: refs/heads/master@{#311570}

chrome/browser/extensions/api/identity/identity_api.cc

@@ -852,8 +852,8 @@ ExtensionFunction::ResponseAction IdentityGetProfileUserInfoFunction::Run() {
   if (extension()->permissions_data()->HasAPIPermission(
           APIPermission::kIdentityEmail)) {
     profile_user_info.email = account.email;
+    profile_user_info.id = account.gaia;
   }
-  profile_user_info.id = account.gaia;
 
   return RespondNow(OneArgument(profile_user_info.ToValue().release()));
 }

chrome/browser/extensions/api/identity/identity_apitest.cc

@@ -653,7 +653,7 @@ IN_PROC_BROWSER_TEST_F(IdentityGetProfileUserInfoFunctionTest,
   SignIn("president@example.com", "12345");
   scoped_ptr<api::identity::ProfileUserInfo> info = RunGetProfileUserInfo();
   EXPECT_TRUE(info->email.empty());
-  EXPECT_EQ("12345", info->id);
+  EXPECT_TRUE(info->id.empty());
 }
 
 class GetAuthTokenFunctionTest : public IdentityTestWithSignin {

chrome/common/extensions/api/identity.idl

@@ -13,12 +13,15 @@ namespace identity {
 
   dictionary ProfileUserInfo {
     // An email address for the user account signed into the current
-    // profile. Empty if the user is not signed in.
+    // profile. Empty if the user is not signed in or the
+    // <code>identity.email</code> manifest permission is not
+    // specified.
     DOMString email;
 
     // A unique identifier for the account. This ID will not change
     // for the lifetime of the account. Empty if the user is not
-    // signed in.
+    // signed in or (in M41+) the <code>identity.email</code>
+    // manifest permission is not specified.
     DOMString id;
   };