Unfortunately the module installer does not provide any way by means of the dnn manifest to remove a previously defined custom permission during upgrade. As far as I know (but have not tested), simply omitting the custom permission from the manifest will not remove the permission.
Although you could remove the permission by directly manipulating the core Permission table in your upgrade version's SqlDataProvider script, I recommend against this approach. There is no assurance that the structure of any core table will remain the same from version to version. Backward compatibility through the use of publicly exposed DNN API methods is, however, closely adhered to from version to version.
I would implement in your v 3 module's business controller class the IUpgradable interface and in that implementation use the DotNetNuke.Security.Permissions.PermissionController class's
public void DeletePermission (int permissionID)
method to delete the custom permission from the core Permission table. Because foreign key relationships with cascade delete enabled exist between both the ModulePermission and DestopModulePermission tables and the Permission table, simply deleting the custom permission from the Permission table should remove all references to it from the ModulePermission and DesktopModulePermission table.
Before calling DeletePermission you will need to obtain the permissionID of the custom permission. This can be done by using the PermissionController's
public ArrayList GetPermissionByCodeAndKey(string permissionCode, string permissionKey)
to obtain a PermissionInfo object which will contain the PermissionID.
Here's a link to an article that explains how to define custom permissions in code using an IUpgradable implementation during installation of a module. Prior to enhancements of the module installer to allow specification of custom permissions in the manifest, that was the recommended way to create custom permissions.
http://www.codeproject.com/Articles/3...