Index: include/sanitizer/dfsan_interface.h
===================================================================
--- include/sanitizer/dfsan_interface.h
+++ include/sanitizer/dfsan_interface.h
@@ -39,6 +39,9 @@
   void *userdata;
 };
 
+/// Signature of the callback argument to dfsan_set_labeled_write_callback().
+typedef void (*dfsan_write_callback_t)(int fd, const void *buf, size_t count);
+
 /// Computes the union of \c l1 and \c l2, possibly creating a union label in
 /// the process.
 dfsan_label dfsan_union(dfsan_label l1, dfsan_label l2);
@@ -77,6 +80,13 @@
 /// Returns the number of labels allocated.
 size_t dfsan_get_label_count(void);
 
+/// Sets a callback to be invoked when labeled data is passed to write().
+/// The callback is invoked before the write is done.  The write is not
+/// guaranteed to succeed when the callback executes.  Pass in NULL to remove
+/// any callback.  Returns the previous callback value.
+dfsan_write_callback_t dfsan_set_labeled_write_callback(
+    dfsan_write_callback_t labeled_write_callback);
+
 #ifdef __cplusplus
 }  // extern "C"
 
Index: lib/dfsan/dfsan.h
===================================================================
--- lib/dfsan/dfsan.h
+++ lib/dfsan/dfsan.h
@@ -20,6 +20,8 @@
 // Copy declarations from public sanitizer/dfsan_interface.h header here.
 typedef u16 dfsan_label;
 
+typedef void (*dfsan_write_callback_t)(int fd, const void *buf, uptr count);
+
 struct dfsan_label_info {
   dfsan_label l1;
   dfsan_label l2;
Index: lib/dfsan/dfsan.cc
===================================================================
--- lib/dfsan/dfsan.cc
+++ lib/dfsan/dfsan.cc
@@ -248,6 +248,22 @@
   ParseFlag(env, &f.strict_data_dependencies, "strict_data_dependencies", "");
 }
 
+// Used in dfsan_custom.cc to implement the custom version of write().
+dfsan_write_callback_t dfsan_labeled_write_callback;
+
+extern "C" SANITIZER_INTERFACE_ATTRIBUTE dfsan_write_callback_t
+dfsan_set_labeled_write_callback(
+    dfsan_write_callback_t labeled_write_callback) {
+  // TODO(skerner): Consider using atomic memory operations to avoid racing
+  // calls leaving dfsan_labeled_write_callback in an inconsistent state.
+  dfsan_write_callback_t previous_write_callback = dfsan_labeled_write_callback;
+
+  dfsan_labeled_write_callback = labeled_write_callback;
+
+  return previous_write_callback;
+}
+
+
 #ifdef DFSAN_NOLIBC
 extern "C" void dfsan_init() {
 #else
Index: lib/dfsan/dfsan_custom.cc
===================================================================
--- lib/dfsan/dfsan_custom.cc
+++ lib/dfsan/dfsan_custom.cc
@@ -800,4 +800,30 @@
   }
   return ret;
 }
+
+// Defined in dfsan.cc
+extern dfsan_write_callback_t dfsan_labeled_write_callback;
+
+SANITIZER_INTERFACE_ATTRIBUTE int
+__dfsw_write(int fd, const void *buf, size_t count) {
+  if (dfsan_labeled_write_callback != NULL) {
+    // If any label is set in |buf|, invoke the callback.
+    int found_label = 0;
+    const char* buf_as_char = static_cast<const char*>(buf);
+    for (size_t i = 0; i < count && !found_label; ++i) {
+      const void* addr = reinterpret_cast<const void*>(&buf_as_char[i]);
+      if (dfsan_read_label(addr, 1) != 0) {
+        found_label = 1;
+      }
+    }
+
+    if (found_label) {
+      (*dfsan_labeled_write_callback)(fd, buf, count);
+    }
+  }
+
+
+  int ret = write(fd, buf, count);
+  return ret;
+}
 }
Index: lib/dfsan/done_abilist.txt
===================================================================
--- lib/dfsan/done_abilist.txt
+++ lib/dfsan/done_abilist.txt
@@ -24,6 +24,8 @@
 fun:dfsan_has_label=discard
 fun:dfsan_has_label_with_desc=uninstrumented
 fun:dfsan_has_label_with_desc=discard
+fun:dfsan_set_labeled_write_callback=uninstrumented
+fun:dfsan_set_labeled_write_callback=discard
 
 ###############################################################################
 # glibc
@@ -142,7 +144,6 @@
 fun:syscall=discard
 fun:unlink=discard
 fun:uselocale=discard
-fun:write=discard
 
 # Functions that produce output does not depend on the input (need to zero the
 # shadow manually).
@@ -192,6 +193,12 @@
 fun:strrchr=custom
 fun:strstr=custom
 
+# Functions which have custom implementations which should take action based
+# on the presence of labels in their inputs.  For example, invoke a user-defined
+# callback if labels are present.
+fun:write=custom
+
+
 # Functions that take a callback (wrap the callback manually).
 fun:dl_iterate_phdr=custom
 
Index: test/dfsan/custom.c
===================================================================
--- test/dfsan/custom.c
+++ test/dfsan/custom.c
@@ -702,6 +702,31 @@
   ASSERT_READ_ZERO_LABEL(fd, sizeof(fd));
 }
 
+static int writeCallbackCount = 0;
+void writeCallback(int fd, const void *buf, size_t count) {
+  writeCallbackCount++;
+}
+
+void test_write() {
+  char buf[] = "Sample chars";
+  int buf_len = strlen(buf);
+
+  int fd = open("/dev/null", O_WRONLY);
+
+  dfsan_set_labeled_write_callback(writeCallback);
+
+  writeCallbackCount = 0;
+
+  // No label implies no callback.
+  write(fd, buf, buf_len);
+  assert(writeCallbackCount == 0);
+
+  // Add a label, expect a callback.
+  dfsan_set_label(j_label, buf, 1);  
+  write(fd, buf, buf_len);
+  assert(writeCallbackCount == 1);
+}
+
 int main(void) {
   i_label = dfsan_create_label("i", 0);
   j_label = dfsan_create_label("j", 0);
@@ -755,4 +780,5 @@
   test_strtoul();
   test_strtoull();
   test_time();
+  test_write();
 }
Index: test/dfsan/write_callback.c
===================================================================
--- /dev/null
+++ test/dfsan/write_callback.c
@@ -0,0 +1,113 @@
+// RUN: %clang_dfsan                        -m64 %s -o %t && %t %T/file1.txt
+// RUN: %clang_dfsan -mllvm -dfsan-args-abi -m64 %s -o %t && %t %T/file2.txt
+
+// Tests that callback installed with dfsan_set_labeled_write_callback() is
+// called when labeled data is passed in to write().
+
+#include <sanitizer/dfsan_interface.h>
+
+#include <assert.h>
+#include <fcntl.h>
+#include <string.h>
+#include <unistd.h>
+
+// Check write callback arguments by having the callback store them in
+// the following variables:
+static int last_callback_arg_fd;
+static const void *last_callback_arg_buf;
+static size_t last_callback_arg_count;
+
+// Allow tests to check the number of callbacks made by incrementing
+// this count.  When callbacks are verified, the count is reset.
+static int count_unverified_callbacks = 0;
+
+static void writeCallback(int fd, const void *buf, size_t count) {
+  // Do not do anything in this function that might call write()!
+  count_unverified_callbacks++;
+
+  last_callback_arg_fd = fd;
+  last_callback_arg_buf = buf;
+  last_callback_arg_count = count;
+}
+
+static void checkCallbackHadArgs(int fd, const void *buf, size_t count) {
+  assert(count_unverified_callbacks == 1);
+  count_unverified_callbacks = 0;
+
+  assert(fd == last_callback_arg_fd);
+  assert(buf == last_callback_arg_buf);
+  assert(count == last_callback_arg_count);
+}
+
+int main(int argc, char* argv[]) {
+  assert(argc == 2);  // Expect a path to a file we can write.
+
+  // Create a labeled int.  It will be used to derive a byte in strings
+  // passed to write().
+  int data = 1;
+  dfsan_label data_label = dfsan_create_label("data", 0);
+  dfsan_set_label(data_label, &data, sizeof(data));
+
+  char text_without_label[] = "This text will not be labeled.\n";
+
+  char text_with_labeled_byte[] = "This text will be labeled directly.\n";
+  text_with_labeled_byte[15] = (char)('a' + data);
+
+  char text_with_derived_label[] = "This text will be labeled indirectly.\n";
+  text_with_derived_label[15] = text_with_labeled_byte[15];
+
+  mode_t mode = S_IRUSR | S_IWUSR;
+  int fd = open(argv[1], O_WRONLY | O_CREAT | O_TRUNC, mode);
+  assert(fd != -1);
+
+  // Before we install a callback, writing labeled data should have no effect.
+  int length = strlen(text_with_labeled_byte);
+  write(fd, text_with_labeled_byte, length);
+
+  // Install a callback.  Check that the callback being replaced is NULL.
+  dfsan_write_callback_t previous_callback = NULL;
+  previous_callback = dfsan_set_labeled_write_callback(writeCallback);
+  assert(previous_callback == NULL);
+
+  // Write the text.  We don't care if the write succeeded:  The callback
+  // is run before the actual write, so it gets invoked even if the write
+  // of the labeled bytes fails.
+  length = strlen(text_without_label);
+  write(fd, text_without_label, length);
+  assert(count_unverified_callbacks == 0);
+
+  length = strlen(text_with_labeled_byte);
+  write(fd, text_with_labeled_byte, length);
+  checkCallbackHadArgs(fd, text_with_labeled_byte, length);
+
+  length = strlen(text_with_derived_label);
+  write(fd, text_with_derived_label, length);
+  checkCallbackHadArgs(fd, text_with_derived_label, length);
+
+  // Uninstall the callback.
+  previous_callback = dfsan_set_labeled_write_callback(NULL);
+  assert(previous_callback == writeCallback);
+
+  // Write labeled data.  Callback should not be invoked.
+  length = strlen(text_with_derived_label);
+  write(fd, text_with_derived_label, length);
+  assert(0 == count_unverified_callbacks);
+
+  close(fd);
+
+  // Open the file in read-only mode.
+  fd = open(argv[1], O_RDONLY);
+  assert(fd != -1);
+
+  // Install the callback.
+  previous_callback = dfsan_set_labeled_write_callback(writeCallback);
+  assert(previous_callback == NULL);
+
+  // Write to the read-only file handle.  The write will fail, but the callback
+  // should still be invoked.
+  int write_result = write(fd, text_with_labeled_byte, length);
+  assert(write_result == -1);
+  checkCallbackHadArgs(fd, text_with_labeled_byte, length);
+
+  close(fd);
+}