Update ChildProcessSecurityPolicy so that the chrome-extension:// scheme
is considered "web safe" to be requestable from any process, but only
"web safe" to commit in extension processes.

In ChildProcessSecurityPolicy::CanRequestURL and CanCommitURL, when
seeing blob and filesystem URLs, make a security decision based
on the inner origin rather than the scheme.

When the extensions ProcessManager (via ExtensionWebContentsObserver) notices a
RenderFrame being created in an extension SiteInstance, grant that process
permission to commit chrome-extension:// URLs.

In BlobDispatcherHost, only allow creation of blob URLs from processes that
would be able to commit them.

Add a security exploit browsertest that verifies the above mechanisms working
together.

BUG=644966

Committed: https://crrev.com/a411fd062bc68fc2b5fc3aca7e4cbb8e4a3e074e
Review-Url: https://codereview.chromium.org/2364633004
Cr-Original-Commit-Position: refs/heads/master@{#421964}
Cr-Commit-Position: refs/heads/master@{#422474}
13 files changed
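
A simplified model of the request/commit split described in the commit message above, added here as an illustration; it is not Chromium's code. The `Policy` struct, its method bodies, the process ids and the extension id are assumptions made for the example.

```cpp
// Toy model of the policy in the commit message; NOT Chromium's implementation.
#include <cstdio>
#include <set>
#include <string>
#include <utility>

struct Policy {
  // chrome-extension is requestable everywhere but committable only by grant.
  std::set<std::string> request_safe{"http", "https", "chrome-extension"};
  std::set<std::string> commit_safe{"http", "https"};
  std::set<std::pair<int, std::string>> grants;  // (process id, scheme)

  static std::string Scheme(const std::string& url) {
    auto pos = url.find(':');
    return pos == std::string::npos ? "" : url.substr(0, pos);
  }
  // blob: and filesystem: URLs are judged by the scheme of their inner origin.
  // Only one wrapper is peeled, so "blob:blob:..." fails closed.
  static std::string DecisionScheme(const std::string& url) {
    std::string s = Scheme(url);
    if (s == "blob" || s == "filesystem") return Scheme(url.substr(s.size() + 1));
    return s;
  }
  // Models the grant made when a frame is created in an extension SiteInstance.
  void GrantCommitScheme(int pid, const std::string& scheme) {
    grants.insert({pid, scheme});
  }
  bool CanRequestURL(int pid, const std::string& url) const {
    std::string s = DecisionScheme(url);
    return request_safe.count(s) || grants.count({pid, s});
  }
  bool CanCommitURL(int pid, const std::string& url) const {
    std::string s = DecisionScheme(url);
    return commit_safe.count(s) || grants.count({pid, s});
  }
  // Blob URL creation is allowed only where the URL could also be committed.
  bool CanCreateBlobURL(int pid, const std::string& url) const {
    return Scheme(url) == "blob" && CanCommitURL(pid, url);
  }
};

int main() {
  Policy p;
  const std::string blob = "blob:chrome-extension://constructed-ext-id/uuid";  // constructed
  std::printf("web process creates blob: %d\n", p.CanCreateBlobURL(1, blob));
  p.GrantCommitScheme(2, "chrome-extension");
  std::printf("extension process creates blob: %d\n", p.CanCreateBlobURL(2, blob));
}
```

Process 1 stands in for an ordinary web renderer and process 2 for an extension process that has received the grant.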