Allow <webview> to access URLs in the origin of the app embedding it.

With r422474 creation of blob: URLs with origin of a chrome-extension://
was locked down. However, the case of a <webview> loading an
accessible_resource from its embedder and creating a blob: is disallowed.
This CL adds permission for <webview> to create such URLs in the origin
of its embedder.

This CL is based on work by nick@chromium.org.

BUG=652784, 644966

Review-Url: https://codereview.chromium.org/2396533003
Cr-Commit-Position: refs/heads/master@{#422976}

chrome/test/data/extensions/platform_apps/web_view/guest_focus_test/guest.js

@@ -17,6 +17,7 @@ function sendMessageToEmbedder(message) {
 }
 
 window.addEventListener('message', function(e) {
+  URL.createObjectURL(new Blob([]));
   embedder = e.source;
   var data = JSON.parse(e.data);
   if (data[0] == 'connect') {

extensions/browser/guest_view/web_view/web_view_guest.cc

@@ -364,7 +364,17 @@ void WebViewGuest::CreateWebContents(
       owner_render_process_host->GetBrowserContext(),
       std::move(guest_site_instance));
   params.guest_delegate = this;
-  callback.Run(WebContents::Create(params));
+  WebContents* new_contents = WebContents::Create(params);
+
+  // Grant access to the origin of the embedder to the guest process. This
+  // allows blob:/filesystem: URLs with the embedder origin to be created
+  // inside the guest. It is possible to do this by running embedder code
+  // through webview accessible_resources.
+  content::ChildProcessSecurityPolicy::GetInstance()->GrantOrigin(
+      new_contents->GetMainFrame()->GetProcess()->GetID(),
+      url::Origin(GetOwnerSiteURL()));
+
+  callback.Run(new_contents);
 }
 
 void WebViewGuest::DidAttachToEmbedder() {