Tighten IO thread blob/filesystem URL checks for apps with webview permission.

Tighten IO thread blob/filesystem URL checks for apps with webview permission.
[Merge to M55]

The IO thread blob/filesystem URL security checks were originally
introduced in r419019 and r422954.  This was merged back to M54 and
M55.

They were later moved to the UI thread (into
ExtensionNavigationThrottle) in r424937 to make them compatible with
PlzNavigate.  However, that only exists in M56.

Per linked bug, we need to tighten the security check currently in M54
and M55 for apps with a "webview" permission where the problematic
blob/filesystem URL requests aren't made from the guest process.

This is the plan for fixing this:
1.  https://codereview.chromium.org/2435593007/: Reintroduce these IO
    thread checks on M56.
2.  <This CL> Tighten the checks for the scenario above using
    ChildProcessSecurityPolicy.
3.  Merge the CL from step 2 back to M55 and M54.
4.  Remove these checks from M56 and tighten the checks in
    ExtensionNavigationThrottle.

The goal of this CL is to determine if a request is being made by a
guest process on the IO thread.  It relies on the fact that
ChildProcessSecurityPolicyImpl already has the origin
"chrome-extension://<appid>" in the origin_set_ for the guest process,
thanks to the GrantOrigin that was added to
WebViewGuest::CreateWebContents in r422976 as part of fixing issue
652784.  Therefore, it's sufficient to check whether the requested
nested URL's origin is in the origin_set_ for the process making the
request.

BUG=656752
Review-Url: https://chromiumcodereview.appspot.com/2437753003
Cr-Commit-Position: refs/heads/master@{#426870}
(cherry picked from commit f7af135c51a99daba0cdb5ef204465ff995802e4)

Committed: https://chromium.googlesource.com/chromium/src/+/3299d4da316b8dd3cbf72e49e5b3de4ea806e87f

[alexmos, 2016-10-24 18:40:59]

Description was changed from

==========
Tighten IO thread blob/filesystem URL checks for apps with webview permission.
[Merge to M55]

The IO thread blob/filesystem URL security checks were originally
introduced in r419019 and r422954.  This was merged back to M54 and
M55.

They were later moved to the UI thread (into
ExtensionNavigationThrottle) in r424937 to make them compatible with
PlzNavigate.  However, that only exists in M56.

Per linked bug, we need to tighten the security check currently in M54
and M55 for apps with a "webview" permission where the problematic
blob/filesystem URL requests aren't made from the guest process.

This is the plan for fixing this:
1.  https://codereview.chromium.org/2435593007/: Reintroduce these IO
    thread checks on M56.
2.  <This CL> Tighten the checks for the scenario above using
    ChildProcessSecurityPolicy.
3.  Merge the CL from step 2 back to M55 and M54.
4.  Remove these checks from M56 and tighten the checks in
    ExtensionNavigationThrottle.

The goal of this CL is to determine if a request is being made by a
guest process on the IO thread.  It relies on the fact that
ChildProcessSecurityPolicyImpl already has the origin
"chrome-extension://<appid>" in the origin_set_ for the guest process,
thanks to the GrantOrigin that was added to
WebViewGuest::CreateWebContents in r422976 as part of fixing issue
652784.  Therefore, it's sufficient to check whether the requested
nested URL's origin is in the origin_set_ for the process making the
request.

BUG=656752

Review-Url: https://chromiumcodereview.appspot.com/2437753003
Cr-Commit-Position: refs/heads/master@{#426870}
(cherry picked from commit f7af135c51a99daba0cdb5ef204465ff995802e4)
==========

to

==========
Tighten IO thread blob/filesystem URL checks for apps with webview permission.
[Merge to M55]

The IO thread blob/filesystem URL security checks were originally
introduced in r419019 and r422954.  This was merged back to M54 and
M55.

They were later moved to the UI thread (into
ExtensionNavigationThrottle) in r424937 to make them compatible with
PlzNavigate.  However, that only exists in M56.

Per linked bug, we need to tighten the security check currently in M54
and M55 for apps with a "webview" permission where the problematic
blob/filesystem URL requests aren't made from the guest process.

This is the plan for fixing this:
1.  https://codereview.chromium.org/2435593007/: Reintroduce these IO
    thread checks on M56.
2.  <This CL> Tighten the checks for the scenario above using
    ChildProcessSecurityPolicy.
3.  Merge the CL from step 2 back to M55 and M54.
4.  Remove these checks from M56 and tighten the checks in
    ExtensionNavigationThrottle.

The goal of this CL is to determine if a request is being made by a
guest process on the IO thread.  It relies on the fact that
ChildProcessSecurityPolicyImpl already has the origin
"chrome-extension://<appid>" in the origin_set_ for the guest process,
thanks to the GrantOrigin that was added to
WebViewGuest::CreateWebContents in r422976 as part of fixing issue
652784.  Therefore, it's sufficient to check whether the requested
nested URL's origin is in the origin_set_ for the process making the
request.

BUG=656752

Review-Url: https://chromiumcodereview.appspot.com/2437753003
Cr-Commit-Position: refs/heads/master@{#426870}
(cherry picked from commit f7af135c51a99daba0cdb5ef204465ff995802e4)

Committed:
https://chromium.googlesource.com/chromium/src/+/3299d4da316b8dd3cbf72e49e5b3...
==========

[alexmos, 2016-10-24 18:41:00]

Committed patchset #1 (id:1) manually as
3299d4da316b8dd3cbf72e49e5b3de4ea806e87f.