Replace security state workaround in CanAccessDataForOrigin()

- Replace workaround with code that is more strict about enforcing
  security policy during child process shutdown. The old code would
  always allow data access for IDs not in the security_state_ map. The
  new code adds a pending map so we can deal with UI/IO thread races
  during child process removal AND rejects any unknown IDs.

- Fixed a test that depended on the old behavior where unknown IDs
  always allowed access.

Bug: 898281, 600441, 915203
Change-Id: I26ca1e48536672b05d2310d8a17be47d5b6ef5c7
Commit-Queue: Aaron Colwell <>
Reviewed-by: Tom Sepez <>
Reviewed-by: Alex Moshchuk <>
Cr-Commit-Position: refs/heads/master@{#617937}
7 files changed