Update ChildProcessSecurityPolicy so that the chrome-extension:// scheme
is considered "web safe" to be requestable from any process, but only
"web safe" to commit in extension processes.
In ChildProcessSecurityPolicy::CanRequestURL and CanCommitURL, when
seeing blob and filesystem urls, make a security decision based
on the inner origin rather than the scheme.
When the extensions ProcessManager (via ExtensionWebContentsObserver) notices a
RenderFrame being created in an extension SiteInstance, grant that process
permission to commit chrome-extension:// URLs.
In BlobDispatcherHost, only allow creation of blob URLs from processes that
would be able to commit them.
Add a security exploit browsertest that verifies the above mechanisms working
together.
BUG=644966
Review-Url: https://codereview.chromium.org/2364633004
Cr-Commit-Position: refs/heads/master@{#421964}
12 files changed
