Enable permission warnings from ManifestHandlers.

chrome/common/extensions/permissions/permission_set_unittest.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "base/command_line.h"
 #include "base/json/json_file_value_serializer.h"
 #include "base/logging.h"
 #include "base/path_service.h"
 #include "base/strings/utf_string_conversions.h"
 #include "chrome/common/chrome_paths.h"
@@ skipping 184 matching lines @@
   permissions = extension->GetActivePermissions();
   EXPECT_FALSE(permissions->HasEffectiveAccessToURL(GURL("http://test/")));
   EXPECT_TRUE(permissions->HasEffectiveAccessToURL(GURL("https://test/")));
   EXPECT_TRUE(
       permissions->HasEffectiveAccessToURL(GURL("http://www.google.com")));
   EXPECT_TRUE(permissions->HasEffectiveAccessToAllHosts());
 }
 
 TEST(PermissionsTest, ExplicitAccessToOrigin) {
   APIPermissionSet apis;
+  ManifestPermissionSet manifest_permissions;
   URLPatternSet explicit_hosts;
   URLPatternSet scriptable_hosts;
 
   AddPattern(&explicit_hosts, "http://*.google.com/*");
   // The explicit host paths should get set to /*.
   AddPattern(&explicit_hosts, "http://www.example.com/a/particular/path/*");
 
   scoped_refptr<PermissionSet> perm_set = new PermissionSet(
-      apis, explicit_hosts, scriptable_hosts);
+      apis, manifest_permissions, explicit_hosts, scriptable_hosts);
   ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
       GURL("http://www.google.com/")));
   ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
       GURL("http://test.google.com/")));
   ASSERT_TRUE(perm_set->HasExplicitAccessToOrigin(
       GURL("http://www.example.com")));
   ASSERT_TRUE(perm_set->HasEffectiveAccessToURL(
       GURL("http://www.example.com")));
   ASSERT_FALSE(perm_set->HasExplicitAccessToOrigin(
       GURL("http://test.example.com")));
 }
 
 TEST(PermissionsTest, CreateUnion) {
   APIPermission* permission = NULL;
 
+  ManifestPermissionSet manifest_permissions;
   APIPermissionSet apis1;
   APIPermissionSet apis2;
   APIPermissionSet expected_apis;
 
   URLPatternSet explicit_hosts1;
   URLPatternSet explicit_hosts2;
   URLPatternSet expected_explicit_hosts;
 
   URLPatternSet scriptable_hosts1;
   URLPatternSet scriptable_hosts2;
@@ skipping 24 matching lines @@
   apis1.insert(APIPermission::kBackground);
   apis1.insert(permission->Clone());
   expected_apis.insert(APIPermission::kTab);
   expected_apis.insert(APIPermission::kBackground);
   expected_apis.insert(permission);
 
   AddPattern(&explicit_hosts1, "http://*.google.com/*");
   AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
   AddPattern(&effective_hosts, "http://*.google.com/*");
 
-  set1 = new PermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
-  set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
+  set1 = new PermissionSet(apis1, manifest_permissions,
+                           explicit_hosts1, scriptable_hosts1);
+  set2 = new PermissionSet(apis2, manifest_permissions,
+                           explicit_hosts2, scriptable_hosts2);
   union_set = PermissionSet::CreateUnion(set1.get(), set2.get());
   EXPECT_TRUE(set1->Contains(*set2.get()));
   EXPECT_TRUE(set1->Contains(*union_set.get()));
   EXPECT_FALSE(set2->Contains(*set1.get()));
   EXPECT_FALSE(set2->Contains(*union_set.get()));
   EXPECT_TRUE(union_set->Contains(*set1.get()));
   EXPECT_TRUE(union_set->Contains(*set2.get()));
 
   EXPECT_FALSE(union_set->HasEffectiveFullAccess());
   EXPECT_EQ(expected_apis, union_set->apis());
@@ skipping 40 matching lines @@
   expected_apis.insert(permission);
 
   AddPattern(&explicit_hosts2, "http://*.example.com/*");
   AddPattern(&scriptable_hosts2, "http://*.google.com/*");
   AddPattern(&expected_explicit_hosts, "http://*.example.com/*");
   AddPattern(&expected_scriptable_hosts, "http://*.google.com/*");
 
   URLPatternSet::CreateUnion(
       explicit_hosts2, scriptable_hosts2, &effective_hosts);
 
-  set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
+  set2 = new PermissionSet(apis2, manifest_permissions,
+                           explicit_hosts2, scriptable_hosts2);
   union_set = PermissionSet::CreateUnion(set1.get(), set2.get());
 
   EXPECT_FALSE(set1->Contains(*set2.get()));
   EXPECT_FALSE(set1->Contains(*union_set.get()));
   EXPECT_FALSE(set2->Contains(*set1.get()));
   EXPECT_FALSE(set2->Contains(*union_set.get()));
   EXPECT_TRUE(union_set->Contains(*set1.get()));
   EXPECT_TRUE(union_set->Contains(*set2.get()));
 
   EXPECT_TRUE(union_set->HasEffectiveFullAccess());
   EXPECT_TRUE(union_set->HasEffectiveAccessToAllHosts());
   EXPECT_EQ(expected_apis, union_set->apis());
   EXPECT_EQ(expected_explicit_hosts, union_set->explicit_hosts());
   EXPECT_EQ(expected_scriptable_hosts, union_set->scriptable_hosts());
   EXPECT_EQ(effective_hosts, union_set->effective_hosts());
 }
 
 TEST(PermissionsTest, CreateIntersection) {
   APIPermission* permission = NULL;
 
+  ManifestPermissionSet manifest_permissions;
   APIPermissionSet apis1;
   APIPermissionSet apis2;
   APIPermissionSet expected_apis;
 
   URLPatternSet explicit_hosts1;
   URLPatternSet explicit_hosts2;
   URLPatternSet expected_explicit_hosts;
 
   URLPatternSet scriptable_hosts1;
   URLPatternSet scriptable_hosts2;
@@ skipping 20 matching lines @@
     value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
     if (!permission->FromValue(value.get())) {
       NOTREACHED();
     }
   }
   apis1.insert(permission);
 
   AddPattern(&explicit_hosts1, "http://*.google.com/*");
   AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
 
-  set1 = new PermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
-  set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
+  set1 = new PermissionSet(apis1, manifest_permissions,
+                           explicit_hosts1, scriptable_hosts1);
+  set2 = new PermissionSet(apis2, manifest_permissions,
+                           explicit_hosts2, scriptable_hosts2);
   new_set = PermissionSet::CreateIntersection(set1.get(), set2.get());
   EXPECT_TRUE(set1->Contains(*new_set.get()));
   EXPECT_TRUE(set2->Contains(*new_set.get()));
   EXPECT_TRUE(set1->Contains(*set2.get()));
   EXPECT_FALSE(set2->Contains(*set1.get()));
   EXPECT_FALSE(new_set->Contains(*set1.get()));
   EXPECT_TRUE(new_set->Contains(*set2.get()));
 
   EXPECT_TRUE(new_set->IsEmpty());
   EXPECT_FALSE(new_set->HasEffectiveFullAccess());
@@ skipping 32 matching lines @@
   expected_apis.insert(permission);
 
   AddPattern(&explicit_hosts2, "http://*.example.com/*");
   AddPattern(&explicit_hosts2, "http://*.google.com/*");
   AddPattern(&scriptable_hosts2, "http://*.google.com/*");
   AddPattern(&expected_explicit_hosts, "http://*.google.com/*");
 
   effective_hosts.ClearPatterns();
   AddPattern(&effective_hosts, "http://*.google.com/*");
 
-  set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
+  set2 = new PermissionSet(apis2, manifest_permissions,
+                           explicit_hosts2, scriptable_hosts2);
   new_set = PermissionSet::CreateIntersection(set1.get(), set2.get());
 
   EXPECT_TRUE(set1->Contains(*new_set.get()));
   EXPECT_TRUE(set2->Contains(*new_set.get()));
   EXPECT_FALSE(set1->Contains(*set2.get()));
   EXPECT_FALSE(set2->Contains(*set1.get()));
   EXPECT_FALSE(new_set->Contains(*set1.get()));
   EXPECT_FALSE(new_set->Contains(*set2.get()));
 
   EXPECT_FALSE(new_set->HasEffectiveFullAccess());
   EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
   EXPECT_EQ(expected_apis, new_set->apis());
   EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
   EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
   EXPECT_EQ(effective_hosts, new_set->effective_hosts());
 }
 
 TEST(PermissionsTest, CreateDifference) {
   APIPermission* permission = NULL;
 
+  ManifestPermissionSet manifest_permissions;
   APIPermissionSet apis1;
   APIPermissionSet apis2;
   APIPermissionSet expected_apis;
 
   URLPatternSet explicit_hosts1;
   URLPatternSet explicit_hosts2;
   URLPatternSet expected_explicit_hosts;
 
   URLPatternSet scriptable_hosts1;
   URLPatternSet scriptable_hosts2;
@@ skipping 20 matching lines @@
     value->Append(base::Value::CreateStringValue("udp-send-to::8888"));
     if (!permission->FromValue(value.get())) {
       NOTREACHED();
     }
   }
   apis1.insert(permission);
 
   AddPattern(&explicit_hosts1, "http://*.google.com/*");
   AddPattern(&scriptable_hosts1, "http://www.reddit.com/*");
 
-  set1 = new PermissionSet(apis1, explicit_hosts1, scriptable_hosts1);
-  set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
+  set1 = new PermissionSet(apis1, manifest_permissions,
+                           explicit_hosts1, scriptable_hosts1);
+  set2 = new PermissionSet(apis2, manifest_permissions,
+                           explicit_hosts2, scriptable_hosts2);
   new_set = PermissionSet::CreateDifference(set1.get(), set2.get());
   EXPECT_EQ(*set1.get(), *new_set.get());
 
   // Now use a real second set.
   apis2.insert(APIPermission::kTab);
   apis2.insert(APIPermission::kProxy);
   apis2.insert(APIPermission::kClipboardWrite);
   apis2.insert(APIPermission::kPlugin);
   permission = permission_info->CreateAPIPermission();
   {
@@ skipping 20 matching lines @@
   expected_apis.insert(permission);
 
   AddPattern(&explicit_hosts2, "http://*.example.com/*");
   AddPattern(&explicit_hosts2, "http://*.google.com/*");
   AddPattern(&scriptable_hosts2, "http://*.google.com/*");
   AddPattern(&expected_scriptable_hosts, "http://www.reddit.com/*");
 
   effective_hosts.ClearPatterns();
   AddPattern(&effective_hosts, "http://www.reddit.com/*");
 
-  set2 = new PermissionSet(apis2, explicit_hosts2, scriptable_hosts2);
+  set2 = new PermissionSet(apis2, manifest_permissions,
+                           explicit_hosts2, scriptable_hosts2);
   new_set = PermissionSet::CreateDifference(set1.get(), set2.get());
 
   EXPECT_TRUE(set1->Contains(*new_set.get()));
   EXPECT_FALSE(set2->Contains(*new_set.get()));
 
   EXPECT_FALSE(new_set->HasEffectiveFullAccess());
   EXPECT_FALSE(new_set->HasEffectiveAccessToAllHosts());
   EXPECT_EQ(expected_apis, new_set->apis());
   EXPECT_EQ(expected_explicit_hosts, new_set->explicit_hosts());
   EXPECT_EQ(expected_scriptable_hosts, new_set->scriptable_hosts());
@@ skipping 201 matching lines @@
           << "missing message_id for " << permission_info->name();
     }
   }
 }
 
 TEST(PermissionsTest, FileSystemPermissionMessages) {
   APIPermissionSet api_permissions;
   api_permissions.insert(APIPermission::kFileSystemWrite);
   api_permissions.insert(APIPermission::kFileSystemDirectory);
   scoped_refptr<PermissionSet> permissions(
-      new PermissionSet(api_permissions, URLPatternSet(), URLPatternSet()));
+      new PermissionSet(api_permissions, ManifestPermissionSet(),
+                        URLPatternSet(), URLPatternSet()));
   PermissionMessages messages =
       PermissionMessageProvider::Get()->GetPermissionMessages(
           permissions, Manifest::TYPE_PLATFORM_APP);
   ASSERT_EQ(2u, messages.size());
   std::sort(messages.begin(), messages.end());
   std::set<PermissionMessage::ID> ids;
   for (PermissionMessages::const_iterator it = messages.begin();
        it != messages.end(); ++it) {
     ids.insert(it->id());
   }
   EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemDirectory));
   EXPECT_TRUE(ContainsKey(ids, PermissionMessage::kFileSystemWrite));
 }
 
 TEST(PermissionsTest, HiddenFileSystemPermissionMessages) {
   APIPermissionSet api_permissions;
   api_permissions.insert(APIPermission::kFileSystemWrite);
   api_permissions.insert(APIPermission::kFileSystemDirectory);
   api_permissions.insert(APIPermission::kFileSystemWriteDirectory);
   scoped_refptr<PermissionSet> permissions(
-      new PermissionSet(api_permissions, URLPatternSet(), URLPatternSet()));
+      new PermissionSet(api_permissions, ManifestPermissionSet(),
+                        URLPatternSet(), URLPatternSet()));
   PermissionMessages messages =
       PermissionMessageProvider::Get()->GetPermissionMessages(
           permissions, Manifest::TYPE_PLATFORM_APP);
   ASSERT_EQ(1u, messages.size());
   EXPECT_EQ(PermissionMessage::kFileSystemWriteDirectory, messages[0].id());
 }
 
 TEST(PermissionsTest, MergedFileSystemPermissionComparison) {
   APIPermissionSet write_api_permissions;
   write_api_permissions.insert(APIPermission::kFileSystemWrite);
-  scoped_refptr<PermissionSet> write_permissions(new PermissionSet(
-      write_api_permissions, URLPatternSet(), URLPatternSet()));
+  scoped_refptr<PermissionSet> write_permissions(
+      new PermissionSet(write_api_permissions, ManifestPermissionSet(),
+                        URLPatternSet(), URLPatternSet()));
 
   APIPermissionSet directory_api_permissions;
   directory_api_permissions.insert(APIPermission::kFileSystemDirectory);
-  scoped_refptr<PermissionSet> directory_permissions(new PermissionSet(
-      directory_api_permissions, URLPatternSet(), URLPatternSet()));
+  scoped_refptr<PermissionSet> directory_permissions(
+      new PermissionSet(directory_api_permissions, ManifestPermissionSet(),
+                        URLPatternSet(), URLPatternSet()));
 
   APIPermissionSet write_directory_api_permissions;
   write_directory_api_permissions.insert(
       APIPermission::kFileSystemWriteDirectory);
-  scoped_refptr<PermissionSet> write_directory_permissions(new PermissionSet(
-      write_directory_api_permissions, URLPatternSet(), URLPatternSet()));
+  scoped_refptr<PermissionSet> write_directory_permissions(
+      new PermissionSet(write_directory_api_permissions,
+                        ManifestPermissionSet(),
+                        URLPatternSet(),
+                        URLPatternSet()));
 
   const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
   EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions,
                                              write_permissions,
                                              Manifest::TYPE_PLATFORM_APP));
   EXPECT_FALSE(provider->IsPrivilegeIncrease(write_directory_permissions,
                                              directory_permissions,
                                              Manifest::TYPE_PLATFORM_APP));
   EXPECT_TRUE(provider->IsPrivilegeIncrease(write_permissions,
                                             directory_permissions,
@@ skipping 323 matching lines @@
 
     explicit_hosts.AddPattern(
         URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com/*"));
     scriptable_hosts.AddPattern(
         URLPattern(URLPattern::SCHEME_HTTP, "http://*.example.com/*"));
 
     expected.insert("*.google.com");
     expected.insert("*.example.com");
 
     scoped_refptr<PermissionSet> perm_set(new PermissionSet(
-        empty_perms, explicit_hosts, scriptable_hosts));
+        empty_perms, ManifestPermissionSet(),
+        explicit_hosts, scriptable_hosts));
     EXPECT_EQ(expected,
               permission_message_util::GetDistinctHosts(
                   perm_set->effective_hosts(), true, true));
   }
 
   {
     // We don't display warnings for file URLs because they are off by default.
     SCOPED_TRACE("file urls");
 
     explicit_hosts.ClearPatterns();
@@ skipping 86 matching lines @@
   std::set<std::string> expected;
   expected.insert("www.foo.ca");
   EXPECT_EQ(expected,
             permission_message_util::GetDistinctHosts(
                 explicit_hosts, true, true));
 }
 
 TEST(PermissionsTest, IsHostPrivilegeIncrease) {
   Manifest::Type type = Manifest::TYPE_EXTENSION;
   const PermissionMessageProvider* provider = PermissionMessageProvider::Get();
+  ManifestPermissionSet empty_manifest_permissions;
   URLPatternSet elist1;
   URLPatternSet elist2;
   URLPatternSet slist1;
   URLPatternSet slist2;
   scoped_refptr<PermissionSet> set1;
   scoped_refptr<PermissionSet> set2;
   APIPermissionSet empty_perms;
   elist1.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
   elist1.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
 
   // Test that the host order does not matter.
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/path"));
 
-  set1 = new PermissionSet(empty_perms, elist1, slist1);
-  set2 = new PermissionSet(empty_perms, elist2, slist2);
+  set1 = new PermissionSet(empty_perms, empty_manifest_permissions,
+                           elist1, slist1);
+  set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
+                           elist2, slist2);
 
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
 
   // Test that paths are ignored.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/*"));
-  set2 = new PermissionSet(empty_perms, elist2, slist2);
+  set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
+                           elist2, slist2);
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
 
   // Test that RCDs are ignored.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com.hk/*"));
-  set2 = new PermissionSet(empty_perms, elist2, slist2);
+  set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
+                           elist2, slist2);
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
 
   // Test that subdomain wildcards are handled properly.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://*.google.com.hk/*"));
-  set2 = new PermissionSet(empty_perms, elist2, slist2);
+  set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
+                           elist2, slist2);
   EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
   // TODO(jstritar): Does not match subdomains properly. http://crbug.com/65337
   // EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
 
   // Test that different domains count as different hosts.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.google.com/path"));
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://www.example.org/path"));
-  set2 = new PermissionSet(empty_perms, elist2, slist2);
+  set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
+                           elist2, slist2);
   EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
 
   // Test that different subdomains count as different hosts.
   elist2.ClearPatterns();
   elist2.AddPattern(
       URLPattern(URLPattern::SCHEME_HTTP, "http://mail.google.com/*"));
-  set2 = new PermissionSet(empty_perms, elist2, slist2);
+  set2 = new PermissionSet(empty_perms, empty_manifest_permissions,
+                           elist2, slist2);
   EXPECT_TRUE(provider->IsPrivilegeIncrease(set1, set2, type));
   EXPECT_TRUE(provider->IsPrivilegeIncrease(set2, set1, type));
 
   // Test that platform apps do not have host permissions increases.
   type = Manifest::TYPE_PLATFORM_APP;
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set1, set2, type));
   EXPECT_FALSE(provider->IsPrivilegeIncrease(set2, set1, type));
 }
 
 TEST(PermissionsTest, GetAPIsAsStrings) {
   APIPermissionSet apis;
   URLPatternSet empty_set;
 
   apis.insert(APIPermission::kProxy);
   apis.insert(APIPermission::kBackground);
   apis.insert(APIPermission::kNotification);
   apis.insert(APIPermission::kTab);
 
   scoped_refptr<PermissionSet> perm_set = new PermissionSet(
-      apis, empty_set, empty_set);
+      apis, ManifestPermissionSet(), empty_set, empty_set);
   std::set<std::string> api_names = perm_set->GetAPIsAsStrings();
 
   // The result is correct if it has the same number of elements
   // and we can convert it back to the id set.
   EXPECT_EQ(4u, api_names.size());
   EXPECT_EQ(apis,
             PermissionsInfo::GetInstance()->GetAllByName(api_names));
 }
 
 TEST(PermissionsTest, IsEmpty) {
   APIPermissionSet empty_apis;
   URLPatternSet empty_extent;
 
   scoped_refptr<PermissionSet> empty = new PermissionSet();
   EXPECT_TRUE(empty->IsEmpty());
   scoped_refptr<PermissionSet> perm_set;
 
-  perm_set = new PermissionSet(empty_apis, empty_extent, empty_extent);
+  perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(),
+                               empty_extent, empty_extent);
   EXPECT_TRUE(perm_set->IsEmpty());
 
   APIPermissionSet non_empty_apis;
   non_empty_apis.insert(APIPermission::kBackground);
-  perm_set = new PermissionSet(
-      non_empty_apis, empty_extent, empty_extent);
+  perm_set = new PermissionSet(non_empty_apis, ManifestPermissionSet(),
+                               empty_extent, empty_extent);
   EXPECT_FALSE(perm_set->IsEmpty());
 
   // Try non standard host
   URLPatternSet non_empty_extent;
   AddPattern(&non_empty_extent, "http://www.google.com/*");
 
-  perm_set = new PermissionSet(
-      empty_apis, non_empty_extent, empty_extent);
+  perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(),
+                               non_empty_extent, empty_extent);
   EXPECT_FALSE(perm_set->IsEmpty());
 
-  perm_set = new PermissionSet(
-      empty_apis, empty_extent, non_empty_extent);
+  perm_set = new PermissionSet(empty_apis, ManifestPermissionSet(),
+                               empty_extent, non_empty_extent);
   EXPECT_FALSE(perm_set->IsEmpty());
 }
 
 TEST(PermissionsTest, ImpliedPermissions) {
   URLPatternSet empty_extent;
   APIPermissionSet apis;
   apis.insert(APIPermission::kWebRequest);
   apis.insert(APIPermission::kFileBrowserHandler);
   EXPECT_EQ(2U, apis.size());
 
   scoped_refptr<PermissionSet> perm_set;
-  perm_set = new PermissionSet(apis, empty_extent, empty_extent);
+  perm_set = new PermissionSet(apis, ManifestPermissionSet(),
+                               empty_extent, empty_extent);
   EXPECT_EQ(4U, perm_set->apis().size());
 }
 
 TEST(PermissionsTest, SyncFileSystemPermission) {
   scoped_refptr<Extension> extension = LoadManifest(
       "permissions", "sync_file_system.json");
   APIPermissionSet apis;
   apis.insert(APIPermission::kSyncFileSystem);
   EXPECT_TRUE(extension->is_platform_app());
   EXPECT_TRUE(extension->HasAPIPermission(APIPermission::kSyncFileSystem));
   std::vector<string16> warnings =
       PermissionsData::GetPermissionMessageStrings(extension.get());
   EXPECT_TRUE(Contains(warnings, "Store data in your Google Drive account"));
   ASSERT_EQ(1u, warnings.size());
 }
 
 // Make sure that we don't crash when we're trying to show the permissions
 // even though chrome://thumb (and everything that's not chrome://favicon with
 // a chrome:// scheme) is not a valid permission.
 // More details here: crbug/246314.
 TEST(PermissionsTest, ChromeURLs) {
   URLPatternSet allowed_hosts;
   allowed_hosts.AddPattern(
       URLPattern(URLPattern::SCHEME_ALL, "http://www.google.com/"));
   allowed_hosts.AddPattern(
       URLPattern(URLPattern::SCHEME_ALL, "chrome://favicon/"));
   allowed_hosts.AddPattern(
       URLPattern(URLPattern::SCHEME_ALL, "chrome://thumb/"));
   scoped_refptr<PermissionSet> permissions(
-      new PermissionSet(APIPermissionSet(), allowed_hosts, URLPatternSet()));
+      new PermissionSet(APIPermissionSet(), ManifestPermissionSet(),
+                        allowed_hosts, URLPatternSet()));
   PermissionMessageProvider::Get()->
       GetPermissionMessages(permissions, Manifest::TYPE_EXTENSION);
 }
 
 TEST(PermissionsTest, IsPrivilegeIncrease_DeclarativeWebRequest) {
   scoped_refptr<Extension> extension(
       LoadManifest("permissions", "permissions_all_urls.json"));
   scoped_refptr<const PermissionSet> permissions(
       extension->GetActivePermissions());
 
   scoped_refptr<Extension> extension_dwr(
       LoadManifest("permissions", "web_request_all_host_permissions.json"));
   scoped_refptr<const PermissionSet> permissions_dwr(
       extension_dwr->GetActivePermissions());
 
   EXPECT_FALSE(PermissionMessageProvider::Get()->
                    IsPrivilegeIncrease(permissions.get(),
                                        permissions_dwr.get(),
                                        extension->GetType()));
 }
 
 }  // namespace extensions