Enable Control Flow Integrity for the official Linux Chrome.

build/config/sanitizers/sanitizers.gni

Index: build/config/sanitizers/sanitizers.gni
diff --git a/build/config/sanitizers/sanitizers.gni b/build/config/sanitizers/sanitizers.gni
index ddf28f127ff17f139ce3ccf8c2707465c41da079..a845da53cd4ad32fa5ba1d3a769b511423662bcc 100644
--- a/build/config/sanitizers/sanitizers.gni
+++ b/build/config/sanitizers/sanitizers.gni
@@ -2,6 +2,8 @@
 # Use of this source code is governed by a BSD-style license that can be
 # found in the LICENSE file.
 
+import("//build/config/chrome_build.gni")
+
 declare_args() {
   # Compile for Address Sanitizer to find memory bugs.
   is_asan = false
@@ -37,10 +39,6 @@ declare_args() {
   # https://code.google.com/p/sawbuck/wiki/SyzyASanHowTo
   is_syzyasan = false
 
-  # Compile with Control Flow Integrity to protect virtual calls and casts.
-  # See http://clang.llvm.org/docs/ControlFlowIntegrity.html
-  is_cfi = false
-
   # By default, Control Flow Integrity will crash the program if it detects a
   # violation. Set this to true to print detailed diagnostics instead.
   use_cfi_diag = false
@@ -54,6 +52,11 @@ declare_args() {
 # declare_args block. User overrides are only applied at the end of a
 # declare_args block.
 declare_args() {
+  # Compile with Control Flow Integrity to protect virtual calls and casts.
+  # See http://clang.llvm.org/docs/ControlFlowIntegrity.html
+  is_cfi = is_linux && !is_chromeos && target_cpu == "x64" &&
+           is_chrome_branded && is_official_build
+
   # Use libc++ (buildtools/third_party/libc++ and
   # buildtools/third_party/libc++abi) instead of stdlibc++ as standard library.
   # This is intended to be used for instrumented builds.