[ MimeHandlerView ] Block PluginStatus != kAllowed/kPlayImportantContent

Currently, a MimeHandlerView is created as long as there is a plugin
for it. This behavior undermines issues such as <webview> permissions

This CL will avoid creating MimeHandlerView if the plugin is not
allowed. This change will also make the test
WebViewPluginTest.TestLoadPluginInternalResource pass with the flag

Note that when the plugin is not allowed, no (frame-based)
MimeHandlerView will be created and the code will follow the ordinary
CreatePlugin code path.

Bug: 963694
Change-Id: I91b88956480139ffdb0df06077d099746b713751
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1622890
Reviewed-by: Ehsan Karamad <ekaramad@chromium.org>
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Reviewed-by: Tommy Li <tommycli@chromium.org>
Reviewed-by: Ɓukasz Anforowicz <lukasza@chromium.org>
Commit-Queue: Ehsan Karamad <ekaramad@chromium.org>
Cr-Commit-Position: refs/heads/master@{#662641}
diff --git a/chrome/browser/apps/guest_view/web_view_browsertest.cc b/chrome/browser/apps/guest_view/web_view_browsertest.cc
index b908adf..0cda26c 100644
--- a/chrome/browser/apps/guest_view/web_view_browsertest.cc
+++ b/chrome/browser/apps/guest_view/web_view_browsertest.cc
@@ -3320,12 +3320,6 @@
 IN_PROC_BROWSER_TEST_F(WebViewPluginTest, TestLoadPluginInternalResource) {
-  if (content::MimeHandlerViewMode::UsesCrossProcessFrame()) {
-    // Permissions are broken with frame-based MimeHandlerView as it never goes
-    // through the same plugin checks when attaching an <embed>. Fix this asap.
-    // (https://crbug.com/963694).
-    return;
-  }
   const char kTestMimeType[] = "application/pdf";
   const char kTestFileType[] = "pdf";
   content::WebPluginInfo plugin_info;
diff --git a/chrome/renderer/chrome_content_renderer_client.cc b/chrome/renderer/chrome_content_renderer_client.cc
index fb2e2fd..f316d7f 100644
--- a/chrome/renderer/chrome_content_renderer_client.cc
+++ b/chrome/renderer/chrome_content_renderer_client.cc
@@ -608,7 +608,14 @@
       render_frame->GetRoutingID(), original_url,
       render_frame->GetWebFrame()->Top()->GetSecurityOrigin(), mime_type,
-  if (plugin_info->status == chrome::mojom::PluginStatus::kNotFound ||
+  // TODO(ekaramad): Not continuing here due to a disallowed status should take
+  // us to CreatePlugin. See if more in depths investigation of |status| is
+  // necessary here (see https://crbug.com/965747). For now, returning false
+  // should take us to CreatePlugin after HTMLPlugInElement which is called
+  // through HTMLPlugInElement::LoadPlugin code path.
+  if ((plugin_info->status != chrome::mojom::PluginStatus::kAllowed &&
+       plugin_info->status !=
+           chrome::mojom::PluginStatus::kPlayImportantContent) ||
           plugin_element, original_url, plugin_info->actual_mime_type,
           plugin_info->plugin)) {