Relax shared module whitelist restriction

This is to allow unpacked extensions to load without checking
a shared module's whitelist.  Webstore installs and side-loading
via CRX are still restricted.

BUG=414950

Review URL: https://codereview.chromium.org/573113002

Cr-Commit-Position: refs/heads/master@{#296134}

chrome/browser/extensions/shared_module_service.cc

@@ -61,9 +61,6 @@ SharedModuleService::ImportStatus SharedModuleService::CheckImports(
       }
     } else if (!SharedModuleInfo::IsSharedModule(imported_module)) {
       return IMPORT_STATUS_UNRECOVERABLE;
-    } else if (!SharedModuleInfo::IsExportAllowedByWhitelist(imported_module,
-                                                             extension->id())) {
-      return IMPORT_STATUS_UNRECOVERABLE;
     } else if (version_required.IsValid() &&
                imported_module->version()->CompareTo(version_required) < 0) {
       if (imported_module->from_webstore()) {

chrome/browser/extensions/shared_module_service_unittest.cc

@@ -268,7 +268,11 @@ TEST_F(SharedModuleServiceUnitTest, WhitelistedImports) {
       CreateExtensionImportingModule(shared_module->id(),
                                      nonwhitelisted_id,
                                      "1.0");
-  EXPECT_FALSE(InstallExtension(nonwhitelisted_extension.get(), false));
+  // This should succeed because only CRX installer (and by extension the
+  // WebStore Installer) checks the shared module whitelist.  InstallExtension
+  // bypasses the whitelist check because the SharedModuleService does not
+  // care about whitelists.
+  EXPECT_TRUE(InstallExtension(nonwhitelisted_extension.get(), false));
 }
 
 }  // namespace extensions

chrome/common/pepper_permission_util.cc

@@ -62,11 +62,6 @@ bool IsExtensionOrSharedModuleWhitelisted(
         extension_set->GetByID(it->extension_id);
     if (imported_extension &&
         SharedModuleInfo::IsSharedModule(imported_extension) &&
-        // We check the whitelist explicitly even though the extension should
-        // never have been allowed to be installed in the first place if this
-        // fails.  See SharedModuleService::CheckImports for details.
-        SharedModuleInfo::IsExportAllowedByWhitelist(imported_extension,
-                                                     host) &&
         HostIsInSet(it->extension_id, whitelist)) {
       return true;
     }

chrome/common/pepper_permission_util_unittest.cc

@@ -115,15 +115,19 @@ TEST(PepperPermissionUtilTest, SharedModuleWhitelisting) {
   extensions.Insert(shared_module);
   EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(
       GURL(extension_url), &extensions, whitelist));
-  scoped_refptr<Extension> bad_ext =
+  scoped_refptr<Extension> not_in_sm_whitelist =
       CreateExtensionImportingModule(shared_module->id(), bad_id);
-  std::string bad_extension_url = std::string("chrome-extension://") +
-                                  bad_ext->id() + std::string("/foo.html");
-
-  extensions.Insert(bad_ext);
-  // This should fail because bad_ext is not whitelisted to use shared_module.
-  EXPECT_FALSE(IsExtensionOrSharedModuleWhitelisted(
-      GURL(bad_extension_url), &extensions, whitelist));
+  std::string not_in_sm_whitelist_url = std::string("chrome-extension://") +
+                                        not_in_sm_whitelist->id() +
+                                        std::string("/foo.html");
+
+  extensions.Insert(not_in_sm_whitelist);
+  // This should succeed, even though |not_in_sm_whitelist| is not whitelisted
+  // to use shared_module, because the pepper permission utility does not care
+  // about that whitelist.  It is possible to install against the whitelist as
+  // an unpacked extension.
+  EXPECT_TRUE(IsExtensionOrSharedModuleWhitelisted(
+      GURL(not_in_sm_whitelist_url), &extensions, whitelist));
 
   // Note that the whitelist should be empty after this call, so tests checking
   // for failure to import will fail because of this.