[IndexedDB] Remove child policy permissions for blobs from IndexedDB

Now that blobs from IndexedDB are backed & read by the IndexedDB system,
they are no longer sent to the renderer as files. This means no content
policy changes or grants are necessary.

Tracking document:
https://docs.google.com/document/d/18suNOOzuEJbqgRJF0MB2VqdTyYqS4cvI2PGaCpyPXSw/edit?ts=5de6dc30&pli=1#heading=h.tw2iw2qfgduj

Bug: 1015212
Change-Id: If3d2fd80b3254f19a56ab16ed7fc39cf5f0cf684
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1955813Reviewed-by: Ken Rockot <rockot@google.com>
Reviewed-by: enne <enne@chromium.org>
Commit-Queue: Daniel Murphy <dmurph@chromium.org>
Cr-Commit-Position: refs/heads/master@{#722617}

content/browser/indexed_db/indexed_db_backing_store.cc

@@ -32,7 +32,6 @@
 #include "components/services/storage/indexed_db/transactional_leveldb/transactional_leveldb_factory.h"
 #include "components/services/storage/indexed_db/transactional_leveldb/transactional_leveldb_iterator.h"
 #include "components/services/storage/indexed_db/transactional_leveldb/transactional_leveldb_transaction.h"
-#include "content/browser/child_process_security_policy_impl.h"
 #include "content/browser/indexed_db/indexed_db_active_blob_registry.h"
 #include "content/browser/indexed_db/indexed_db_blob_info.h"
 #include "content/browser/indexed_db/indexed_db_context_impl.h"
@@ -549,12 +548,6 @@ IndexedDBBackingStore::IndexedDBBackingStore(
 
 IndexedDBBackingStore::~IndexedDBBackingStore() {
   DCHECK_CALLED_ON_VALID_SEQUENCE(idb_sequence_checker_);
-  if (!blob_path_.empty() && !child_process_ids_granted_.empty()) {
-    ChildProcessSecurityPolicyImpl* policy =
-        ChildProcessSecurityPolicyImpl::GetInstance();
-    for (const auto& pid : child_process_ids_granted_)
-      policy->RevokeAllPermissionsForFile(pid, blob_path_);
-  }
 }
 
 IndexedDBBackingStore::RecordIdentifier::RecordIdentifier(
@@ -908,16 +901,6 @@ bool IndexedDBBackingStore::RecordCorruptionInfo(const FilePath& path_base,
                                                         output_js.c_str());
 }
 
-void IndexedDBBackingStore::GrantChildProcessPermissions(int child_process_id) {
-  DCHECK_CALLED_ON_VALID_SEQUENCE(idb_sequence_checker_);
-
-  if (!child_process_ids_granted_.count(child_process_id)) {
-    child_process_ids_granted_.insert(child_process_id);
-    ChildProcessSecurityPolicyImpl::GetInstance()->GrantReadFile(
-        child_process_id, blob_path_);
-  }
-}
-
 Status IndexedDBBackingStore::DeleteDatabase(
     const base::string16& name,
     TransactionalLevelDBTransaction* transaction) {

content/browser/indexed_db/indexed_db_backing_store.h

@@ -332,8 +332,6 @@ class CONTENT_EXPORT IndexedDBBackingStore {
     return active_blob_registry_.get();
   }
 
-  void GrantChildProcessPermissions(int child_process_id);
-
   // Compact is public for testing.
   virtual void Compact();
   virtual leveldb::Status DeleteDatabase(

content/browser/indexed_db/indexed_db_database.cc

@@ -1617,8 +1617,6 @@ std::unique_ptr<IndexedDBConnection> IndexedDBDatabase::CreateConnection(
     scoped_refptr<IndexedDBDatabaseCallbacks> database_callbacks,
     IndexedDBExecutionContextConnectionTracker::Handle
         execution_context_connection_handle) {
-  const int render_process_id =
-      execution_context_connection_handle.render_process_id();
   std::unique_ptr<IndexedDBConnection> connection =
       std::make_unique<IndexedDBConnection>(
           std::move(execution_context_connection_handle),
@@ -1630,7 +1628,6 @@ std::unique_ptr<IndexedDBConnection> IndexedDBDatabase::CreateConnection(
                          weak_factory_.GetWeakPtr()),
           database_callbacks);
   connections_.insert(connection.get());
-  backing_store_->GrantChildProcessPermissions(render_process_id);
   return connection;
 }