net/cert: Use builtin verifier on Android and Linux

src/net/BUILD.gn

@@ -1217,7 +1217,6 @@ component("net") {
       "android/network_library.h",
       "android/traffic_stats.h",
       "cert/cert_verify_proc_android.h",
-      "cert/test_root_certs_android.cc",
       "proxy_resolution/proxy_config_service_android.h",
     ]
   }
@@ -1260,6 +1259,7 @@ component("net") {
       "base/network_interfaces_linux.cc",
       "base/network_interfaces_linux.h",
       "base/platform_mime_util_linux.cc",
+      "cert/test_root_certs_builtin.cc",
     ]
   }
 

src/net/cert/ev_root_ca_metadata.h

@@ -17,7 +17,7 @@
 #include "net/cert/x509_certificate.h"
 
 #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \
-    BUILDFLAG(IS_FUCHSIA)
+    BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
 // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
 // implementation that will fail all EV lookup operations.
 #define PLATFORM_USES_CHROMIUM_EV_METADATA

src/net/features.gni

@@ -46,11 +46,11 @@ declare_args() {
   #
   # Currently this is used only for Android because WebView does not use the
   # builtin cert verifier, but uses the Android cert verifier.
-  chrome_root_store_optional = is_android && !is_cronet_build
+  chrome_root_store_optional = false
 
   # Platforms for which certificate verification can only be performed using
   # the builtin cert verifier with the Chrome Root Store.
-  chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos
+  chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos || is_android
 
   # DBSC is only supported on windows for now
   enable_device_bound_sessions = is_win