Replace security state workaround in CanAccessDataForOrigin()

- Replace workaround with code that is more strict about enforcing
  security policy during child process shutdown. The old code would
  always allow data access for IDs not in the security_state_ map. The
  new code adds a pending map so we can deal with UI/IO thread races
  during child process removal AND rejects any unknown IDs.

- Fixed a test that depended on the old behavior where unknown IDs
  always allowed access.

Bug: 898281, 600441, 915203
Change-Id: I4b164eb3ec1cbb110479b633e73bcd883ef9a604
Commit-Queue: Aaron Colwell <>
Reviewed-by: Charlie Reis <>
Reviewed-by: Alex Moshchuk <>
Cr-Commit-Position: refs/heads/master@{#623114}
7 files changed