author | 2025-02-04 09:49:50 -0800 | |
---|---|---|
committer | 2025-02-04 09:49:50 -0800 | |
commit | 93a9c7341c217406c2f6db53e14ee7fb39d8e6fa (patch) | |
tree | f808cab9ca294296663813911232f32a971223dd | |
parent | 0e60ed234eb2e7fe827d300ddeb12c3d7f1c74e8 (diff) | |
parent | 50fb49cabe70cfbde6743acb18543cd14befb7a5 (diff) |
Merge "Default avb_hash_algorithm to sha256 for android_filesystem modules" into main
-rw-r--r-- | android/neverallow.go | 9 | ||||
-rw-r--r-- | filesystem/filesystem.go | 7 |
2 files changed, 12 insertions, 4 deletions
diff --git a/android/neverallow.go b/android/neverallow.go
index d345ee8e4..70af2acc3 100644
--- a/android/neverallow.go
+++ b/android/neverallow.go
@@ -65,6 +65,7 @@ func init() {
 AddNeverAllowRules(createKotlinPluginRule()...)
 AddNeverAllowRules(createPrebuiltEtcBpDefineRule())
 AddNeverAllowRules(createAutogenRroBpDefineRule())
+ AddNeverAllowRules(createNoSha1HashRule())
 }

 // Add a NeverAllow rule to the set of rules to apply.
@@ -336,6 +337,14 @@ func createFilesystemIsAutoGeneratedRule() Rule {
 Because("is_auto_generated property is only allowed for filesystem modules in build/soong/fsgen directory")
 }

+func createNoSha1HashRule() Rule {
+ return NeverAllow().
+ ModuleType("filesystem", "android_filesystem").
+ ModuleType("filesystem", "android_system_image").
+ With("avb_hash_algorithm", "sha1").
+ Because("sha1 is discouraged")
+}
+
 func createKotlinPluginRule() []Rule {
 kotlinPluginProjectsAllowedList := []string{
 "external/kotlinc",
diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index 660603741..0ce31b293 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -119,7 +119,7 @@ type FilesystemProperties struct {
 Avb_algorithm *string

 // Hash algorithm used for avbtool (for descriptors). This is passed as hash_algorithm to
- // avbtool. Default used by avbtool is sha1.
+ // avbtool. Default is sha256.
 Avb_hash_algorithm *string

 // The security patch passed to as the com.android.build.<type>.security_patch avb property.
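Review bot: In createNoSha1HashRule, `"filesystem"` is the first argument of both ModuleType calls, which reads as if it were a package or namespace qualifier. If ModuleType takes a plain variadic list of module type names (its definition is not in this hunk), the rule names a `filesystem` type twice and the intent is clearer as `ModuleType("android_filesystem", "android_system_image")`. The rule matches only the exact string `sha1`, so it is a denylist of one spelling rather than a statement of which algorithms are acceptable. The function has no doc comment, and `Because("sha1 is discouraged")` gives a module owner nothing to act on; a reason such as `Because("avb_hash_algorithm sha1 is not allowed; use sha256 or stronger")` tells them what to change.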
@@ -903,9 +903,8 @@ func (f *filesystem) buildPropFile(ctx android.ModuleContext) (android.Path, and
 if !proptools.BoolDefault(f.properties.Use_fec, true) {
 avb_add_hashtree_footer_args += " --do_not_generate_fec"
 }
- if hashAlgorithm := proptools.String(f.properties.Avb_hash_algorithm); hashAlgorithm != "" {
- avb_add_hashtree_footer_args += " --hash_algorithm " + hashAlgorithm
- }
+ hashAlgorithm := proptools.StringDefault(f.properties.Avb_hash_algorithm, "sha256")
+ avb_add_hashtree_footer_args += " --hash_algorithm " + hashAlgorithm
 if f.properties.Rollback_index != nil {
 rollbackIndex := proptools.Int(f.properties.Rollback_index)
 if rollbackIndex < 0 {
|
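Review bot: An explicitly empty `avb_hash_algorithm: ""` now reaches the avbtool arguments, because proptools.StringDefault substitutes "sha256" only for a nil pointer and the removed `hashAlgorithm != ""` guard no longer filters it. The result is a `--hash_algorithm` flag with no value, followed by whatever is appended next. Treat the empty string as unset right after the StringDefault line, `if hashAlgorithm == "" { hashAlgorithm = "sha256" }`, or reject it with `ctx.PropertyErrorf`. Since the value is concatenated straight into an argument string, checking it here against a short list of accepted algorithm names would also cover values that the neverallow rule's exact `sha1` match does not. buildPropFile begins and ends outside this hunk.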