Default avb_hash_algorithm to sha256 for android_filesystem modules

This change only impacts android_filesytem and android_system_image
soong modules which are currently only used to build microdroid images.

Also add a neverallow rule to discourage usage of sha1.

Bug: 341123987
Test: m
Test: manually set avb_hash_algorithm: "sha1" check build fails
Change-Id: I5449f711c751752db42dcca785ff1a2de054fb2d

1 files changed, 3 insertions, 4 deletions

diff --git a/filesystem/filesystem.go b/filesystem/filesystem.go
index e3f3ce866..5516efc43 100644
--- a/filesystem/filesystem.go
+++ b/filesystem/filesystem.go
@@ -119,7 +119,7 @@ type FilesystemProperties struct {
 	Avb_algorithm *string
 
 	// Hash algorithm used for avbtool (for descriptors). This is passed as hash_algorithm to
-	// avbtool. Default used by avbtool is sha1.
+	// avbtool. Default is sha256.
 	Avb_hash_algorithm *string
 
 	// The security patch passed to as the com.android.build.<type>.security_patch avb property.
@@ -896,9 +896,8 @@ func (f *filesystem) buildPropFile(ctx android.ModuleContext) (android.Path, and
 		if !proptools.BoolDefault(f.properties.Use_fec, true) {
 			avb_add_hashtree_footer_args += " --do_not_generate_fec"
 		}
-		if hashAlgorithm := proptools.String(f.properties.Avb_hash_algorithm); hashAlgorithm != "" {
-			avb_add_hashtree_footer_args += " --hash_algorithm " + hashAlgorithm
-		}
+		hashAlgorithm := proptools.StringDefault(f.properties.Avb_hash_algorithm, "sha256")
+		avb_add_hashtree_footer_args += " --hash_algorithm " + hashAlgorithm
 		if f.properties.Rollback_index != nil {
 			rollbackIndex := proptools.Int(f.properties.Rollback_index)
 			if rollbackIndex < 0 {