Consolidate SecurityOrigin::GrantUniversalAccess() calls into one place.

In theory, this should make things a bit easier for calculations that
need to take universal access into account. New WPT to cover origin
inheritance have also been added to document behavior differences
between browsers that were discovered while writing this CL.

Change-Id: I1dd925fc0255461d8212b3eb4280936c93613f37
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2758255
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: James MacLean <wjmaclean@chromium.org>
Reviewed-by: Domenic Denicola <domenic@chromium.org>
Cr-Commit-Position: refs/heads/master@{#862939}

html/browsers/origin/inheritance/about-blank-iframe.html

@@ -0,0 +1,28 @@
+<!doctype html>
+<html>
+  <head>
+    <title>about:blank in child browsing context aliases security origin</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <script>
+      test(() => {
+        let iframe = document.createElement('iframe');
+        document.body.appendChild(iframe);
+        // Should not throw: srcdoc should always be same-origin.
+        iframe.contentWindow.document.body.innerHTML = '<p>Hello world!</p>';
+
+        // Explicitly set `domain` component of origin: any other same-origin
+        // browsing contexts are now cross-origin unless they also explicitly
+        // set document.domain to the same value.
+        document.domain = document.domain;
+        // Should not throw: the origin should be aliased, so setting
+        // document.domain in one Document should affect both Documents.
+        assert_equals(
+            iframe.contentWindow.document.body.textContent,
+            'Hello world!');
+      });
+    </script>
+  </body>
+</html>

html/browsers/origin/inheritance/about-blank-window.html

@@ -0,0 +1,25 @@
+<!doctype html>
+<html>
+  <head>
+    <title>about:blank in auxiliary browsing context aliases security origin</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <script>
+      test(() => {
+        let newWindow = window.open();
+        // Should not throw: the newly-opened window should be same-origin.
+        newWindow.document.body.innerHTML = '<p>Hello world!</p>';
+
+        // Explicitly set `domain` component of origin: any other same-origin
+        // browsing contexts are now cross-origin unless they also explicitly
+        // set document.domain to the same value.
+        document.domain = document.domain;
+        // Should not throw: the origin should be aliased, so setting
+        // document.domain in one Document should affect both Documents.
+        assert_equals(newWindow.document.body.textContent, 'Hello world!');
+      });
+    </script>
+  </body>
+</html>

html/browsers/origin/inheritance/about-srcdoc.html

@@ -0,0 +1,29 @@
+<!doctype html>
+<html>
+  <head>
+    <title>about:srcdoc aliases security origin</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <script>
+      test(() => {
+        let iframe = document.createElement('iframe');
+        iframe.srcdoc = '<body></body>';
+        document.body.appendChild(iframe);
+        // Should not throw: srcdoc should always be same-origin.
+        iframe.contentWindow.document.body.innerHTML = '<p>Hello world!</p>';
+
+        // Explicitly set `domain` component of origin: any other same-origin
+        // browsing contexts are now cross-origin unless they also explicitly
+        // set document.domain to the same value.
+        document.domain = document.domain;
+        // Should not throw: the origin should be aliased, so setting
+        // document.domain in one Document should affect both Documents.
+        assert_equals(
+            iframe.contentWindow.document.body.textContent,
+            'Hello world!');
+      });
+    </script>
+  </body>
+</html>

html/browsers/origin/inheritance/javascript-url.html

@@ -0,0 +1,33 @@
+<!doctype html>
+<html>
+  <head>
+    <title>javascript: aliases security origin</title>
+    <script src="/resources/testharness.js"></script>
+    <script src="/resources/testharnessreport.js"></script>
+  </head>
+  <body>
+    <script>
+      promise_test(t => {
+        let iframe = document.createElement('iframe');
+        document.body.appendChild(iframe);
+        // Should not throw: srcdoc should always be same-origin.
+        iframe.contentDocument;
+
+        iframe.contentWindow.location = 'javascript:"Hello world!"';
+        return new Promise(resolve => {
+          iframe.addEventListener('load', resolve);
+        }).then(() => {
+          // Explicitly set `domain` component of origin: any other same-origin
+          // browsing contexts are now cross-origin unless they also explicitly
+          // set document.domain to the same value.
+          document.domain = document.domain;
+          // Should not throw: the origin should be aliased, so setting
+          // document.domain in one Document should affect both Documents.
+          assert_equals(
+              iframe.contentWindow.document.body.textContent,
+              'Hello world!');
+        });
+      });
+    </script>
+  </body>
+</html>