As part of this we should also add a test that ensures we do not block blacklisted sites when SB is turned off.

With regards to your question, you can turn SB off by setting the pref. See an example here: https://cs.chromium.org/chromium/src/chrome/browser/permissions/permission_uma_util_unittest.cc?sq=package:chromium&dr=CSs&l=134

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/48ad1681cf6efac487c260d75ac5d5f35ab493e3

commit 48ad1681cf6efac487c260d75ac5d5f35ab493e3
Author: meredithl <meredithl@google.com>
Date: Wed Feb 08 03:15:37 2017

Check result of ApiBlacklist query in client.

If the API blacklist query can be responded to synchronously, the Safe
Browsing Database Manager will respond true to the calling client. This
was not being checked previously, and hence the callback method on the
client not being called.

BUG= 683811 

Review-Url: https://codereview.chromium.org/2684523002
Cr-Commit-Position: refs/heads/master@{#448888}

[modify] https://crrev.com/48ad1681cf6efac487c260d75ac5d5f35ab493e3/chrome/browser/permissions/permission_blacklist_client.cc
[modify] https://crrev.com/48ad1681cf6efac487c260d75ac5d5f35ab493e3/chrome/browser/permissions/permission_context_base_unittest.cc
[modify] https://crrev.com/48ad1681cf6efac487c260d75ac5d5f35ab493e3/chrome/browser/permissions/permission_decision_auto_blocker.cc
[modify] https://crrev.com/48ad1681cf6efac487c260d75ac5d5f35ab493e3/chrome/browser/permissions/permission_decision_auto_blocker_unittest.cc

#2: I'm not really sure we test that we don't block blacklisted sites when Safe Browsing is turned off. Either:

 * We mock out the database manager, in which case turning Safe Browsing off is irrelevant, or
 * We use the real Safe Browsing Service, and turn it off, but we have no way of injecting a guaranteed blacklisted page for the test that verifies it isn't blocked

Marking as fixed for now.