Shutdown the sandbox MessageServer before deleting it.

This prevents incoming messages from being processed while the object is being
destructed.

BUG=573489
R=thakis@chromium.org

Review URL: https://codereview.chromium.org/1556133002

Cr-Commit-Position: refs/heads/master@{#368355}

6 files changed, 16 insertions, 0 deletions

diff --git a/sandbox/mac/launchd_interception_server.cc b/sandbox/mac/launchd_interception_server.cc
index b793b03..69231b5 100644
--- a/sandbox/mac/launchd_interception_server.cc
+++ b/sandbox/mac/launchd_interception_server.cc
@@ -32,6 +32,7 @@ LaunchdInterceptionServer::LaunchdInterceptionServer(
 }
 
 LaunchdInterceptionServer::~LaunchdInterceptionServer() {
+  message_server_->Shutdown();
 }
 
 bool LaunchdInterceptionServer::Initialize(mach_port_t server_receive_right) {
diff --git a/sandbox/mac/mach_message_server.cc b/sandbox/mac/mach_message_server.cc
index 20bd94c..7626c3a 100644
--- a/sandbox/mac/mach_message_server.cc
+++ b/sandbox/mac/mach_message_server.cc
@@ -76,6 +76,10 @@ bool MachMessageServer::Initialize() {
   return true;
 }
 
+void MachMessageServer::Shutdown() {
+  dispatch_source_.reset();
+}
+
 pid_t MachMessageServer::GetMessageSenderPID(IPCMessage request) {
   // Get the PID of the task that sent this request. This requires getting at
   // the trailer of the message, from the header.
diff --git a/sandbox/mac/mach_message_server.h b/sandbox/mac/mach_message_server.h
index cf5b36f..515d565 100644
--- a/sandbox/mac/mach_message_server.h
+++ b/sandbox/mac/mach_message_server.h
@@ -34,6 +34,7 @@ class MachMessageServer : public MessageServer {
 
   // MessageServer:
   bool Initialize() override;
+  void Shutdown() override;
   pid_t GetMessageSenderPID(IPCMessage request) override;
   IPCMessage CreateReply(IPCMessage request) override;
   bool SendReply(IPCMessage reply) override;
diff --git a/sandbox/mac/message_server.h b/sandbox/mac/message_server.h
index 1cd40b0..6ee119b 100644
--- a/sandbox/mac/message_server.h
+++ b/sandbox/mac/message_server.h
@@ -44,6 +44,11 @@ class MessageServer {
   // returns false, no other methods may be called on this class.
   virtual bool Initialize() = 0;
 
+  // Blocks the calling thread while the server shuts down. This prevents
+  // the server from receiving new messages. After this method is called,
+  // no other methods may be called on this class.
+  virtual void Shutdown() = 0;
+
   // Given a received request message, returns the PID of the sending process.
   virtual pid_t GetMessageSenderPID(IPCMessage request) = 0;
 
diff --git a/sandbox/mac/xpc_message_server.cc b/sandbox/mac/xpc_message_server.cc
index d811e5d..1375310 100644
--- a/sandbox/mac/xpc_message_server.cc
+++ b/sandbox/mac/xpc_message_server.cc
@@ -48,6 +48,10 @@ bool XPCMessageServer::Initialize() {
   return true;
 }
 
+void XPCMessageServer::Shutdown() {
+  dispatch_source_.reset();
+}
+
 pid_t XPCMessageServer::GetMessageSenderPID(IPCMessage request) {
   audit_token_t token;
   xpc_dictionary_get_audit_token(request.xpc, &token);
diff --git a/sandbox/mac/xpc_message_server.h b/sandbox/mac/xpc_message_server.h
index 94c8858..c509bab 100644
--- a/sandbox/mac/xpc_message_server.h
+++ b/sandbox/mac/xpc_message_server.h
@@ -31,6 +31,7 @@ class SANDBOX_EXPORT XPCMessageServer : public MessageServer {
 
   // MessageServer:
   bool Initialize() override;
+  void Shutdown() override;
   pid_t GetMessageSenderPID(IPCMessage request) override;
   IPCMessage CreateReply(IPCMessage request) override;
   bool SendReply(IPCMessage reply) override;