Web MIDI: implement right sysex handling for received messages.

I missed to apply ChildProcessSecurityPolicy to receive side. Blink
needs additional sysex filter per MIDIAccess object.

BUG=163795
TEST=none

Review URL: https://chromiumcodereview.appspot.com/23983004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@221662 0039d316-1c4b-4281-b951-d872f2087c98

content/browser/renderer_host/media/midi_host.cc

@@ -136,13 +136,16 @@ void MIDIHost::ReceiveMIDIData(
     double timestamp) {
   TRACE_EVENT0("midi", "MIDIHost::ReceiveMIDIData");
 
-  // For now disallow all System Exclusive messages even if we
-  // have permission.
-  // TODO(toyoshim): allow System Exclusive if browser has granted
-  // this client access.  We'll likely need to pass a GURL
-  // here to compare against our permissions.
-  if (length > 0 && data[0] >= kSysExMessage)
+  // Check a process security policy to receive a system exclusive message.
+  if (length > 0 && data[0] >= kSysExMessage) {
+    if (!ChildProcessSecurityPolicyImpl::GetInstance()->CanSendMIDISysExMessage(
+        renderer_process_id_)) {
+      // MIDI devices may send a system exclusive messages even if the renderer
+      // doesn't have a permission to receive it. Don't kill the renderer as
+      // OnSendData() does.
       return;
+    }
+  }
 
   // Send to the renderer.
   std::vector<uint8> v(data, data + length);