Make ActiveTabPermissionManager also grant the tabs permission.

chrome/browser/extensions/extension_function_dispatcher.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "chrome/browser/extensions/extension_function_dispatcher.h"
 
 #include <map>
 
 #include "base/json/json_string_value_serializer.h"
 #include "base/lazy_instance.h"
@@ skipping 118 matching lines @@
     int routing_id,
     const ExtensionHostMsg_Request_Params& params) {
   const Extension* extension =
       extension_info_map->extensions().GetByID(params.extension_id);
 
   scoped_refptr<ExtensionFunction> function(
       CreateExtensionFunction(params, extension, render_process_id,
                               extension_info_map->process_map(),
                               g_global_io_data.Get().api.get(),
                               profile,
-                              ipc_sender, routing_id));
+                              ipc_sender, NULL, routing_id));
   if (!function) {
     LogFailure(extension, params.name, kAccessDenied);
     return;
   }
 
   IOThreadExtensionFunction* function_io =
       function->AsIOThreadExtensionFunction();
   if (!function_io) {
     NOTREACHED();
     return;
@@ skipping 36 matching lines @@
   if (!extension)
     extension = service->extensions()->GetHostedAppByURL(ExtensionURLInfo(
         WebSecurityOrigin::createFromString(params.source_origin),
         params.source_url));
 
   scoped_refptr<ExtensionFunction> function(
       CreateExtensionFunction(params, extension,
                               render_view_host->GetProcess()->GetID(),
                               *(service->process_map()),
                               extensions::ExtensionAPI::GetSharedInstance(),
-                              profile(), render_view_host,
+                              profile(), render_view_host, render_view_host,
                               render_view_host->GetRoutingID()));
   if (!function) {
     LogFailure(extension, params.name, kAccessDenied);
     return;
   }
 
   UIThreadExtensionFunction* function_ui =
       function->AsUIThreadExtensionFunction();
   if (!function_ui) {
     NOTREACHED();
     return;
   }
-  function_ui->SetRenderViewHost(render_view_host);
   function_ui->set_dispatcher(AsWeakPtr());
   function_ui->set_profile(profile_);
   function->set_include_incognito(service->CanCrossIncognito(extension));
 
   ExtensionsQuotaService* quota = service->quota_service();
   if (quota->Assess(extension->id(), function, &params.arguments,
                     base::TimeTicks::Now())) {
     // See crbug.com/39178.
     ExternalProtocolHandler::PermitLaunchUrl();
 
@@ skipping 24 matching lines @@
 
 // static
 ExtensionFunction* ExtensionFunctionDispatcher::CreateExtensionFunction(
     const ExtensionHostMsg_Request_Params& params,
     const Extension* extension,
     int requesting_process_id,
     const extensions::ProcessMap& process_map,
     extensions::ExtensionAPI* api,
     void* profile,
     IPC::Sender* ipc_sender,
+    RenderViewHost* render_view_host,
     int routing_id) {
   if (!extension) {
     LOG(ERROR) << "Specified extension does not exist.";
     SendAccessDenied(ipc_sender, routing_id, params.request_id);
     return NULL;
   }
 
   if (api->IsPrivileged(params.name) &&
       !process_map.Contains(extension->id(), requesting_process_id)) {
     LOG(ERROR) << "Extension API called from incorrect process "
                << requesting_process_id
                << " from URL " << params.source_url.spec();
     SendAccessDenied(ipc_sender, routing_id, params.request_id);
     return NULL;
   }
 
-  if (!extension->HasAPIPermission(params.name)) {
-    LOG(ERROR) << "Extension " << extension->id() << " does not have "
-               << "permission to function: " << params.name;
-    SendAccessDenied(ipc_sender, routing_id, params.request_id);
-    return NULL;
-  }
-
   ExtensionFunction* function =
       ExtensionFunctionRegistry::GetInstance()->NewFunction(params.name);
   function->SetArgs(&params.arguments);
   function->set_source_url(params.source_url);
   function->set_request_id(params.request_id);
   function->set_has_callback(params.has_callback);
   function->set_user_gesture(params.user_gesture);
   function->set_extension(extension);
   function->set_profile_id(profile);
+
+  UIThreadExtensionFunction* function_ui =
+      function->AsUIThreadExtensionFunction();
+  if (function_ui) {
+    function_ui->SetRenderViewHost(render_view_host);

[not at google - send to devlin, 2012/08/02 12:23:47]

I needed to make this change because the render_view_host is needed to call
GetCurrentBrowser().

It was either thread through that redundant argument, or do the permissions
checking outside of CreateExtensionFunction.

+  }
+
+  if (!function->HasPermission()) {
+    LOG(ERROR) << "Extension " << extension->id() << " does not have "
+               << "permission to function: " << params.name;
+    SendAccessDenied(ipc_sender, routing_id, params.request_id);
+    return NULL;
+  }
+
   return function;
 }
 
 // static
 void ExtensionFunctionDispatcher::SendAccessDenied(
     IPC::Sender* ipc_sender, int routing_id, int request_id) {
   ListValue empty_list;
   ipc_sender->Send(new ExtensionMsg_Response(
       routing_id, request_id, false, empty_list,
       "Access to extension API denied."));
 }