binder: ServerAuthInterceptor might use an Executor that BinderServer has already returned to the pool #10897
Description
This is a follow-up to #10566.
(note: I'm describing the issue as I recollect it; Chat ate the discussion thread. @markb74 please correct me if I'm wrong)
#10633 introduced the PendingAuthListener class and the logic to handle AsyncSecurityPolicy without blocking any threads. This required an Executor to be passed to BinderTransportSecurity here. In the same PR, we added a shutdown listener to return that executor to the object pool during server shutdown (here).
@markb74 commented that this was sub-optimal, and we could instead return the executor during termination. One suggestion was to pass an Executor to BinderServer.start and reuse it throught that server's lifetime. I prototyped it in mateusazis@3f262ca, but ended up with a chicken-and-egg issue in BinderServerBuilder.build:
BinderTransportSecurity.installAuthInterceptorwants an Executor, but it will only be available onBinderServerafter it is instantiated and startedBinderServeris only instantiated after the authorization interceptor gets installed
Any help here is welcome!