The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/e09511329119adbacc5e291b5d16b31fcb14a4d4

commit e09511329119adbacc5e291b5d16b31fcb14a4d4
Author: isandrk <isandrk@chromium.org>
Date: Mon Apr 24 17:53:31 2017

PS - Scrub URL down to origin in Public Sessions

In Public Sessions, apps and extensions are force-installed by admin policy so the user does not get a chance to review the permissions for these apps. This is not acceptable from a security standpoint, so we scrub the URL returned by chrome.tabs API down to the origin.

TEST=
  unit_tests --gtest_filter=ExtensionTabUtilDelegateChromeOSTest.*
  unit_tests --gtest_filter=ExtensionTabUtilTest.Delegate
BUG= 709513 

Review-Url: https://codereview.chromium.org/2830903003
Cr-Commit-Position: refs/heads/master@{#466679}

[modify] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/chromeos/BUILD.gn
[add] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/chromeos/extensions/extension_tab_util_delegate_chromeos.cc
[add] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/chromeos/extensions/extension_tab_util_delegate_chromeos.h
[add] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/chromeos/extensions/extension_tab_util_delegate_chromeos_unittest.cc
[modify] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/chromeos/login/users/chrome_user_manager_impl.cc
[modify] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/extensions/extension_tab_util.cc
[modify] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/extensions/extension_tab_util.h
[add] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/browser/extensions/extension_tab_util_unittest.cc
[modify] https://crrev.com/e09511329119adbacc5e291b5d16b31fcb14a4d4/chrome/test/BUILD.gn

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/a3ffd81079c26b22f412c3ad670060d8349d264c

commit a3ffd81079c26b22f412c3ad670060d8349d264c
Author: isandrk <isandrk@chromium.org>
Date: Tue Apr 25 15:19:29 2017

Whitelisted tabs permission

Follow up to crrev.com/2830903003 - forgot to actually whitelist the permission.

BUG= 709513 

Review-Url: https://codereview.chromium.org/2840823002
Cr-Commit-Position: refs/heads/master@{#466995}

[modify] https://crrev.com/a3ffd81079c26b22f412c3ad670060d8349d264c/chrome/browser/chromeos/extensions/device_local_account_management_policy_provider.cc

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/de08ac6f6973f9771eb912e816d046abc791ac54

commit de08ac6f6973f9771eb912e816d046abc791ac54
Author: isandrk <isandrk@chromium.org>
Date: Fri May 26 10:33:35 2017

[Test] Added a test for activeTab URL filtering

Added a test to make sure that changes introduced in crrev.com/2858643002 to ExtensionActionAPI::DispatchExtensionActionClicked work as intended, ie. that the extension doesn't have access to tab.url unless it has the activeTab permission granted.

TEST=This test succeeds with the aforementioned crrev patch, and fails without it.
BUG= 709513 

Review-Url: https://codereview.chromium.org/2871533002
Cr-Commit-Position: refs/heads/master@{#474979}

[modify] https://crrev.com/de08ac6f6973f9771eb912e816d046abc791ac54/chrome/browser/extensions/active_tab_apitest.cc
[modify] https://crrev.com/de08ac6f6973f9771eb912e816d046abc791ac54/chrome/test/data/extensions/api_test/active_tab/background.js