cert: Use builtin verifier on Android and Linux

src/net/BUILD.gn

@@ -1106,7 +1106,6 @@ component("net") {
       "android/network_library.h",
       "android/traffic_stats.h",
       "cert/cert_verify_proc_android.h",
-      "cert/test_root_certs_android.cc",
       "proxy_resolution/proxy_config_service_android.h",
     ]
   }
@@ -1149,6 +1148,7 @@ component("net") {
       "base/network_interfaces_linux.cc",
       "base/network_interfaces_linux.h",
       "base/platform_mime_util_linux.cc",
+      "cert/test_root_certs_builtin.cc",
     ]
   }
 

src/net/cert/ev_root_ca_metadata.h

@@ -17,7 +17,7 @@
 #include "net/cert/x509_certificate.h"
 
 #if BUILDFLAG(USE_NSS_CERTS) || BUILDFLAG(IS_WIN) || BUILDFLAG(IS_MAC) || \
-    BUILDFLAG(IS_FUCHSIA)
+    BUILDFLAG(IS_FUCHSIA) || BUILDFLAG(IS_ANDROID) || BUILDFLAG(IS_LINUX)
 // When not defined, the EVRootCAMetadata singleton is a dumb placeholder
 // implementation that will fail all EV lookup operations.
 #define PLATFORM_USES_CHROMIUM_EV_METADATA

src/net/features.gni

@@ -46,11 +46,11 @@ declare_args() {
   # flag is false, verification may be done with the platform verifier or the
   # builtin verifier using platform roots, depending on the platform.
   # See https://crbug.com/1216547 for status.
-  chrome_root_store_optional = is_android && !is_cronet_build
+  chrome_root_store_optional = false
 
   # Platforms for which certificate verification can only be performed using
   # the builtin cert verifier with the Chrome Root Store.
-  chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos
+  chrome_root_store_only = is_win || is_mac || is_linux || is_chromeos || is_android
 }
 
 assert(!chrome_root_store_optional || !chrome_root_store_only,