Make symbols of BoringSSL private to gRPC

BUILD

@@ -1543,6 +1543,7 @@ grpc_cc_library(
         "grpc_base",
         "grpc_transport_chttp2_alpn",
         "tsi",
+        "grpc_shadow_boringssl",
     ],
 )
 
@@ -1803,6 +1804,7 @@ grpc_cc_library(
         "gpr",
         "grpc_base",
         "tsi_interface",
+        "grpc_shadow_boringssl",
     ],
 )
 
@@ -1899,6 +1901,7 @@ grpc_cc_library(
         "grpc_base",
         "grpc_transport_chttp2_client_insecure",
         "tsi_interface",
+        "grpc_shadow_boringssl",
     ],
 )
 
@@ -2154,4 +2157,11 @@ grpc_cc_library(
     ],
 )
 
+grpc_cc_library(
+    name = "grpc_shadow_boringssl",
+    hdrs = [
+        "src/core/tsi/grpc_shadow_boringssl.h",
+    ],
+)
+
 grpc_generate_one_off_targets()

build.yaml

@@ -69,6 +69,7 @@ filegroups:
   - grpc_transport_chttp2_client_insecure
   - tsi_interface
   - tsi
+  - grpc_shadow_boringssl
 - name: alts_util
   public_headers:
   - include/grpc/grpc_security.h
@@ -835,6 +836,7 @@ filegroups:
   - grpc_base
   - grpc_transport_chttp2_alpn
   - tsi
+  - grpc_shadow_boringssl
 - name: grpc_server_backward_compatibility
   headers:
   - src/core/ext/filters/workarounds/workaround_utils.h
@@ -842,6 +844,9 @@ filegroups:
   - src/core/ext/filters/workarounds/workaround_utils.cc
   uses:
   - grpc_base
+- name: grpc_shadow_boringssl
+  headers:
+  - src/core/tsi/grpc_shadow_boringssl.h
 - name: grpc_test_util_base
   build: test
   headers:
@@ -1103,6 +1108,7 @@ filegroups:
   - tsi_interface
   - grpc_base
   - grpc_trace
+  - grpc_shadow_boringssl
 - name: tsi_interface
   headers:
   - src/core/tsi/transport_security.h

gRPC-C++.podspec

@@ -345,6 +345,7 @@ Pod::Spec.new do |s|
                       'src/core/tsi/ssl_transport_security.h',
                       'src/core/tsi/ssl_types.h',
                       'src/core/tsi/transport_security_grpc.h',
+                      'src/core/tsi/grpc_shadow_boringssl.h',
                       'src/core/ext/transport/chttp2/server/chttp2_server.h',
                       'src/core/ext/transport/inproc/inproc_transport.h',
                       'src/core/lib/avl/avl.h',

gRPC-Core.podspec

@@ -181,8 +181,9 @@ Pod::Spec.new do |s|
     ss.header_mappings_dir = '.'
     ss.libraries = 'z'
     ss.dependency "#{s.name}/Interface", version
-    ss.dependency 'BoringSSL', '~> 10.0'
+    ss.dependency 'BoringSSL-GRPC', '0.0.1'
     ss.dependency 'nanopb', '~> 0.3'
+    ss.compiler_flags = '-DGRPC_SHADOW_BORINGSSL_SYMBOLS'
 
     # To save you from scrolling, this is the last part of the podspec.
     ss.source_files = 'src/core/lib/gpr/alloc.h',
@@ -356,6 +357,7 @@ Pod::Spec.new do |s|
                       'src/core/tsi/ssl_transport_security.h',
                       'src/core/tsi/ssl_types.h',
                       'src/core/tsi/transport_security_grpc.h',
+                      'src/core/tsi/grpc_shadow_boringssl.h',
                       'src/core/ext/transport/chttp2/server/chttp2_server.h',
                       'src/core/ext/transport/inproc/inproc_transport.h',
                       'src/core/lib/avl/avl.h',
@@ -949,6 +951,7 @@ Pod::Spec.new do |s|
                               'src/core/tsi/ssl_transport_security.h',
                               'src/core/tsi/ssl_types.h',
                               'src/core/tsi/transport_security_grpc.h',
+                              'src/core/tsi/grpc_shadow_boringssl.h',
                               'src/core/ext/transport/chttp2/server/chttp2_server.h',
                               'src/core/ext/transport/inproc/inproc_transport.h',
                               'src/core/lib/avl/avl.h',

grpc.gemspec

@@ -293,6 +293,7 @@ Gem::Specification.new do |s|
   s.files += %w( src/core/tsi/ssl_transport_security.h )
   s.files += %w( src/core/tsi/ssl_types.h )
   s.files += %w( src/core/tsi/transport_security_grpc.h )
+  s.files += %w( src/core/tsi/grpc_shadow_boringssl.h )
   s.files += %w( src/core/ext/transport/chttp2/server/chttp2_server.h )
   s.files += %w( src/core/ext/transport/inproc/inproc_transport.h )
   s.files += %w( src/core/lib/avl/avl.h )

package.xml

@@ -298,6 +298,7 @@
     <file baseinstalldir="/" name="src/core/tsi/ssl_transport_security.h" role="src" />
     <file baseinstalldir="/" name="src/core/tsi/ssl_types.h" role="src" />
     <file baseinstalldir="/" name="src/core/tsi/transport_security_grpc.h" role="src" />
+    <file baseinstalldir="/" name="src/core/tsi/grpc_shadow_boringssl.h" role="src" />
     <file baseinstalldir="/" name="src/core/ext/transport/chttp2/server/chttp2_server.h" role="src" />
     <file baseinstalldir="/" name="src/core/ext/transport/inproc/inproc_transport.h" role="src" />
     <file baseinstalldir="/" name="src/core/lib/avl/avl.h" role="src" />

src/core/lib/security/credentials/jwt/json_token.h

@@ -21,6 +21,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/grpc_shadow_boringssl.h"
+
 #include <grpc/slice.h>
 #include <openssl/rsa.h>
 

src/core/lib/security/credentials/jwt/jwt_verifier.cc

@@ -18,6 +18,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/grpc_shadow_boringssl.h"
+
 #include "src/core/lib/security/credentials/jwt/jwt_verifier.h"
 
 #include <limits.h>

src/core/tsi/alts/crypt/aes_gcm.cc

@@ -18,6 +18,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/grpc_shadow_boringssl.h"
+
 #include "src/core/tsi/alts/crypt/gsec.h"
 
 #include <openssl/bio.h>

src/core/tsi/ssl/session_cache/ssl_session.h

@@ -21,6 +21,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/grpc_shadow_boringssl.h"
+
 #include <grpc/slice.h>
 
 extern "C" {

src/core/tsi/ssl/session_cache/ssl_session_cache.h

@@ -21,6 +21,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/grpc_shadow_boringssl.h"
+
 #include <grpc/slice.h>
 #include <grpc/support/sync.h>
 

src/core/tsi/ssl_transport_security.cc

@@ -18,6 +18,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/grpc_shadow_boringssl.h"
+
 #include "src/core/tsi/ssl_transport_security.h"
 
 #include <limits.h>

src/core/tsi/ssl_types.h

@@ -29,6 +29,8 @@
 
 #include <grpc/support/port_platform.h>
 
+#include "src/core/tsi/grpc_shadow_boringssl.h"
+
 #include <openssl/ssl.h>
 
 #ifdef OPENSSL_IS_BORINGSSL

src/objective-c/examples/Sample/Podfile

@@ -19,7 +19,7 @@ target 'Sample' do
 
   pod 'Protobuf', :path => "#{GRPC_LOCAL_SRC}/third_party/protobuf"
 
-  pod 'BoringSSL', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c"
+  pod 'BoringSSL-GRPC', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c"
 
   pod 'gRPC', :path => GRPC_LOCAL_SRC
   pod 'gRPC-Core', :path => GRPC_LOCAL_SRC

src/objective-c/examples/SwiftSample/Podfile

@@ -19,7 +19,7 @@ target 'SwiftSample' do
 
   pod 'Protobuf', :path => "#{GRPC_LOCAL_SRC}/third_party/protobuf"
 
-  pod 'BoringSSL', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c"
+  pod 'BoringSSL-GRPC', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c"
 
   pod 'gRPC', :path => GRPC_LOCAL_SRC
   pod 'gRPC-Core', :path => GRPC_LOCAL_SRC

src/objective-c/tests/Connectivity/Podfile

@@ -10,7 +10,7 @@ target 'ConnectivityTestingApp' do
   pod 'gRPC-ProtoRPC/CFStream', :path => GRPC_LOCAL_SRC
   pod 'gRPC-RxLibrary', :path => GRPC_LOCAL_SRC
   pod 'Protobuf', :path => "#{GRPC_LOCAL_SRC}/third_party/protobuf"
-  pod 'BoringSSL', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c"
+  pod 'BoringSSL-GRPC', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c"
 end
 
 pre_install do |installer|

src/objective-c/tests/CronetUnitTests/CronetUnitTests.m

@@ -37,7 +37,9 @@
 #import "test/core/end2end/data/ssl_test_data.h"
 #import "test/core/util/test_config.h"
 
-#import <BoringSSL/openssl/ssl.h>
+#import "src/core/tsi/grpc_shadow_boringssl.h"
+
+#import <openssl/ssl.h>
 
 static void drain_cq(grpc_completion_queue *cq) {
   grpc_event ev;

src/objective-c/tests/Podfile

@@ -21,7 +21,7 @@ GRPC_LOCAL_SRC = '../../..'
     pod '!ProtoCompiler',            :path => "#{GRPC_LOCAL_SRC}/src/objective-c"
     pod '!ProtoCompiler-gRPCPlugin', :path => "#{GRPC_LOCAL_SRC}/src/objective-c"
 
-    pod 'BoringSSL',       :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c", :inhibit_warnings => true
+    pod 'BoringSSL-GRPC',       :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c", :inhibit_warnings => true
 
     pod 'gRPC',           :path => GRPC_LOCAL_SRC
     pod 'gRPC-Core',      :path => GRPC_LOCAL_SRC
@@ -47,7 +47,7 @@ end
     pod '!ProtoCompiler',            :path => "#{GRPC_LOCAL_SRC}/src/objective-c"
     pod '!ProtoCompiler-gRPCPlugin', :path => "#{GRPC_LOCAL_SRC}/src/objective-c"
 
-    pod 'BoringSSL',                 :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c", :inhibit_warnings => true
+    pod 'BoringSSL-GRPC',                 :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c", :inhibit_warnings => true
 
     pod 'gRPC/CFStream',             :path => GRPC_LOCAL_SRC
     pod 'gRPC-Core/CFStream-Implementation',       :path => GRPC_LOCAL_SRC
@@ -62,7 +62,7 @@ end
   CronetUnitTests
 ).each do |target_name|
   target target_name do
-    pod 'BoringSSL', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c", :inhibit_warnings => true
+    pod 'BoringSSL-GRPC', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c", :inhibit_warnings => true
     pod 'CronetFramework', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c"
     pod 'gRPC-Core', :path => GRPC_LOCAL_SRC
     pod 'gRPC-Core/Cronet-Interface', :path => GRPC_LOCAL_SRC

src/objective-c/tests/Tests.xcodeproj/project.pbxproj

@@ -1716,6 +1716,14 @@
 				DEBUG_INFORMATION_FORMAT = dwarf;
 				ENABLE_TESTABILITY = YES;
 				GCC_INPUT_FILETYPE = sourcecode.cpp.objcpp;
+				GCC_PREPROCESSOR_DEFINITIONS = (
+					"$(inherited)",
+					"COCOAPODS=1",
+					"$(inherited)",
+					"PB_FIELD_32BIT=1",
+					"PB_NO_PACKED_STRUCTS=1",
+					"GRPC_SHADOW_BORINGSSL_SYMBOLS=1",
+				);
 				INFOPLIST_FILE = CronetUnitTests/Info.plist;
 				IPHONEOS_DEPLOYMENT_TARGET = 9.3;
 				LD_RUNPATH_SEARCH_PATHS = "$(inherited) @executable_path/Frameworks @loader_path/Frameworks";

templates/gRPC-Core.podspec.template

@@ -174,8 +174,9 @@
       ss.header_mappings_dir = '.'
       ss.libraries = 'z'
       ss.dependency "#{s.name}/Interface", version
-      ss.dependency 'BoringSSL', '~> 10.0'
+      ss.dependency 'BoringSSL-GRPC', '0.0.1'
       ss.dependency 'nanopb', '~> 0.3'
+      ss.compiler_flags = '-DGRPC_SHADOW_BORINGSSL_SYMBOLS'
 
       # To save you from scrolling, this is the last part of the podspec.
       ss.source_files = ${ruby_multiline_list(grpc_private_files(libs), 22)}

templates/src/core/tsi/grpc_shadow_boringssl.h.template

@@ -0,0 +1,40 @@
+%YAML 1.2
+--- |
+  <%!
+  def expand_symbol_list(symbol_list):
+      return '\n'.join('#define %s GRPC_SHADOW_%s' % (symbol, symbol) for symbol in symbol_list)
+  %>
+  /*
+   *
+   * Copyright 2018 gRPC authors.
+   *
+   * Licensed under the Apache License, Version 2.0 (the "License");
+   * you may not use this file except in compliance with the License.
+   * You may obtain a copy of the License at
+   *
+   *     http://www.apache.org/licenses/LICENSE-2.0
+   *
+   * Unless required by applicable law or agreed to in writing, software
+   * distributed under the License is distributed on an "AS IS" BASIS,
+   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   * See the License for the specific language governing permissions and
+   * limitations under the License.
+   *
+   */
+
+  // This file is autogenerated from a template file. Please make
+  // modifications to
+  // `templates/src/objective-c/tsi/grpc_shadow_boringssl.h.template`
+  // instead. This file can be regenerated from the template by running
+  // `tools/buildgen/generate_projects.sh`.
+
+  #ifndef GRPC_CORE_TSI_GRPC_SHADOW_BORINGSSL_H
+  #define GRPC_CORE_TSI_GRPC_SHADOW_BORINGSSL_H
+
+  #ifdef GRPC_SHADOW_BORINGSSL_SYMBOLS
+  
+  ${expand_symbol_list(settings.grpc_shadow_boringssl_symbols)}
+
+  #endif /* GRPC_SHADOW_BORINGSSL_SYMBOLS */
+
+  #endif /* GRPC_CORE_TSI_GRPC_SHADOW_BORINGSSL_H */

test/core/iomgr/ios/CFStreamTests/Podfile

@@ -9,6 +9,7 @@ GRPC_LOCAL_SRC = '../../../../..'
 # Install the dependencies in the main target plus all test targets.
 target 'CFStreamTests' do
   pod 'gRPC-Core/CFStream-Implementation', :path => GRPC_LOCAL_SRC
+  pod 'BoringSSL-GRPC', :podspec => "#{GRPC_LOCAL_SRC}/src/objective-c", :inhibit_warnings => true
 end
 
 pre_install do |installer|

tools/buildgen/plugins/grpc_shadow_boringssl.py

@@ -0,0 +1,32 @@
+# Copyright 2018 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+"""Buldigen generate grpc_shadow_boringssl headers
+This script takes the list of symbols from
+src/objective-c/grpc_shadow_boringssl_symbols and populate them in
+settings.grpc_shadow_boringssl_symbols
+"""
+
+
+def mako_plugin(dictionary):
+    with open('src/objective-c/grpc_shadow_boringssl_symbol_list') as f:
+        symbols = f.readlines()
+    # Remove trailing '\n'
+    symbols = [s.strip() for s in symbols]
+    # Remove comments
+    symbols = [s for s in symbols if s[0] != '#']
+    # Remove the commit number
+    del symbols[0]
+
+    settings = dictionary['settings']
+    settings['grpc_shadow_boringssl_symbols'] = symbols

tools/distrib/check_shadow_boringssl_symbol_list.sh

@@ -0,0 +1,32 @@
+#!/bin/bash
+# Copyright 2018 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+# Check if the commit version of BoringSSL podspec, BoringSSL submodule, and
+# the shadowed symbol list are all based on the same BoringSSL commit.
+set -e
+
+cd $(dirname $0)
+
+boringssl_podspec_original="../../src/objective-c/BoringSSL-GRPC.podspec"
+symbol_list="../../src/objective-c/grpc_shadow_boringssl_symbol_list"
+
+# Check BoringSSL version matches
+ver1=$(git submodule |grep "boringssl " | awk '{print $1}' | head -n 1)
+ver2=$(cat $boringssl_podspec_original | grep ':commit =>' | sed -E 's/.*"(.*)".*/\1/g')
+ver3=$(cat $symbol_list | sed -n '2 p')
+[ $ver1 == $ver2 ] && [ $ver1 == $ver3 ] || { echo "BoringSSL podspec (src/objective-c/BoringSSL.podspec), BoringSSL submodule (third_party/boringssl), and BoringSSL symbol list (src/objective-c/grpc_shadow_boringssl_symbol_list) commit do not match." ; echo "BoringSSL podspec: $ver1" ; echo "BoringSSL submodule: $ver2" ; echo "BoringSSL symbol list: $ver3" ; exit 1 ; }
+
+exit 0

tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh

@@ -0,0 +1,45 @@
+#!/bin/bash
+# Copyright 2018 gRPC authors.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# Generate the list of boringssl symbols that need to be shadowed based on the
+# current boringssl submodule. Requires local toolchain to build boringssl.
+set -e
+
+cd $(dirname $0)
+
+symbol_list="../../src/objective-c/grpc_shadow_boringssl_symbol_list"
+
+ssl_lib='../../third_party/boringssl/build/ssl/libssl.a'
+crypto_lib='../../third_party/boringssl/build/crypto/libcrypto.a'
+
+# Generate boringssl archives
+( cd ../../third_party/boringssl ; mkdir -p build ; cd build ; cmake .. ; make )
+
+# Generate shadow_boringssl.h
+outputs="$(nm -C $ssl_lib)"$'\n'"$(nm -C $crypto_lib)"
+symbols=$(echo "$outputs" | 
+          grep '^[0-9a-f]* [A-Z] ' |               # Only public symbols
+          grep -v ' bssl::' |                      # Filter BoringSSL symbols since they are already namespaced
+          sed 's/(.*//g' |                         # Remove parenthesis from C++ symbols
+          grep '^[0-9a-f]* [A-Z] _' |              # Filter symbols that is not prefixed with '_'
+          sed 's/[0-9a-f]* [A-Z] _\(.*\)/\1/g')    # Extract the symbol names
+
+commit=$(git submodule | grep "boringssl " | awk '{print $1}' | head -n 1)
+
+echo "# Automatically generated by tools/distrib/generate_grpc_shadow_boringssl_symbol_list.sh" > $symbol_list
+echo $commit >> $symbol_list
+echo "$symbols" >> $symbol_list
+
+exit 0

tools/dockerfile/grpc_clang_format/clang_format_all_the_things.sh

@@ -29,7 +29,7 @@ for dir in $DIRS
 do
   for glob in $GLOB
   do
-    files="$files `find ${CLANG_FORMAT_ROOT}/$dir -name $glob -and -not -name '*.generated.*' -and -not -name '*.pb.h' -and -not -name '*.pb.c' -and -not -name '*.pb.cc' -and -not -name '*.pbobjc.h' -and -not -name '*.pbobjc.m' -and -not -name '*.pbrpc.h' -and -not -name '*.pbrpc.m' -and -not -name end2end_tests.cc -and -not -name end2end_nosec_tests.cc -and -not -name public_headers_must_be_c89.c`"
+    files="$files `find ${CLANG_FORMAT_ROOT}/$dir -name $glob -and -not -name '*.generated.*' -and -not -name '*.pb.h' -and -not -name '*.pb.c' -and -not -name '*.pb.cc' -and -not -name '*.pbobjc.h' -and -not -name '*.pbobjc.m' -and -not -name '*.pbrpc.h' -and -not -name '*.pbrpc.m' -and -not -name end2end_tests.cc -and -not -name end2end_nosec_tests.cc -and -not -name public_headers_must_be_c89.c -and -not -name grpc_shadow_boringssl.h`"
   done
 done
 

tools/doxygen/Doxyfile.core.internal

@@ -1501,6 +1501,7 @@ src/core/tsi/alts_transport_security.cc \
 src/core/tsi/alts_transport_security.h \
 src/core/tsi/fake_transport_security.cc \
 src/core/tsi/fake_transport_security.h \
+src/core/tsi/grpc_shadow_boringssl.h \
 src/core/tsi/local_transport_security.cc \
 src/core/tsi/local_transport_security.h \
 src/core/tsi/ssl/session_cache/ssl_session.h \

tools/run_tests/generated/sources_and_headers.json

@@ -9051,6 +9051,7 @@
       "alts_util", 
       "gpr", 
       "grpc_base", 
+      "grpc_shadow_boringssl", 
       "grpc_transport_chttp2_client_insecure", 
       "tsi", 
       "tsi_interface"
@@ -10337,6 +10338,7 @@
       "alts_tsi", 
       "gpr", 
       "grpc_base", 
+      "grpc_shadow_boringssl", 
       "grpc_transport_chttp2_alpn", 
       "tsi"
     ], 
@@ -10446,6 +10448,20 @@
     "third_party": false, 
     "type": "filegroup"
   }, 
+  {
+    "deps": [], 
+    "headers": [
+      "src/core/tsi/grpc_shadow_boringssl.h"
+    ], 
+    "is_filegroup": true, 
+    "language": "c", 
+    "name": "grpc_shadow_boringssl", 
+    "src": [
+      "src/core/tsi/grpc_shadow_boringssl.h"
+    ], 
+    "third_party": false, 
+    "type": "filegroup"
+  }, 
   {
     "deps": [
       "cmdline", 
@@ -10897,6 +10913,7 @@
     "deps": [
       "gpr", 
       "grpc_base", 
+      "grpc_shadow_boringssl", 
       "grpc_trace", 
       "tsi_interface"
     ], 

tools/run_tests/sanity/sanity_tests.yaml

@@ -22,4 +22,5 @@
 - script: tools/distrib/pylint_code.sh
 - script: tools/distrib/yapf_code.sh
 - script: tools/distrib/python/check_grpcio_tools.py
+- script: tools/distrib/check_shadow_boringssl_symbol_list.sh
   cpu_cost: 1000