Index: include/sanitizer/dfsan_interface.h
===================================================================
--- include/sanitizer/dfsan_interface.h
+++ include/sanitizer/dfsan_interface.h
@@ -39,6 +39,9 @@
   void *userdata;
 };
 
+/// Signature of the callback argument to dfsan_set_write_callback().
+typedef void (*dfsan_write_callback_t)(int fd, const void *buf, size_t count);
+
 /// Computes the union of \c l1 and \c l2, possibly creating a union label in
 /// the process.
 dfsan_label dfsan_union(dfsan_label l1, dfsan_label l2);
@@ -77,6 +80,13 @@
 /// Returns the number of labels allocated.
 size_t dfsan_get_label_count(void);
 
+/// Sets a callback to be invoked on calls to write().  The callback is invoked
+/// before the write is done.  The write is not guaranteed to succeed when the
+/// callback executes.  Pass in NULL to remove any callback.  Returns the
+/// previous callback value.
+dfsan_write_callback_t dfsan_set_write_callback(
+    dfsan_write_callback_t labeled_write_callback);
+
 #ifdef __cplusplus
 }  // extern "C"
 
Index: lib/dfsan/dfsan.h
===================================================================
--- lib/dfsan/dfsan.h
+++ lib/dfsan/dfsan.h
@@ -20,6 +20,8 @@
 // Copy declarations from public sanitizer/dfsan_interface.h header here.
 typedef u16 dfsan_label;
 
+typedef void (*dfsan_write_callback_t)(int fd, const void *buf, uptr count);
+
 struct dfsan_label_info {
   dfsan_label l1;
   dfsan_label l2;
Index: lib/dfsan/dfsan_custom.cc
===================================================================
--- lib/dfsan/dfsan_custom.cc
+++ lib/dfsan/dfsan_custom.cc
@@ -800,4 +800,59 @@
   }
   return ret;
 }
+
+// Type of the trampoline function passed to the custom version of
+// dfsan_set_write_callback.
+typedef void (*write_trampoline_t)(
+    void *callback,
+    int fd, const void *buf, ssize_t count,
+    dfsan_label fd_label, dfsan_label buf_label, dfsan_label count_label);
+
+// Calls to dfsan_set_write_callback() set the values in this struct.
+// Calls to the custom version of write() read (and invoke) them.
+static struct {
+  write_trampoline_t write_callback_trampoline = NULL;
+  dfsan_write_callback_t write_callback = NULL;
+} write_callback_info;
+
+SANITIZER_INTERFACE_ATTRIBUTE dfsan_write_callback_t
+__dfsw_dfsan_set_write_callback(
+    write_trampoline_t write_callback_trampoline,
+    dfsan_write_callback_t write_callback,
+    dfsan_label write_callback_label,
+    dfsan_label *ret_label) {
+  // TODO(skerner): Consider using atomic memory operations to avoid racing
+  // calls leaving dfsan_labeled_write_callback in an inconsistent state.
+  dfsan_write_callback_t previous_write_callback =
+      write_callback_info.write_callback;
+
+  write_callback_info.write_callback_trampoline = write_callback_trampoline;
+  write_callback_info.write_callback = write_callback;
+
+  return previous_write_callback;
+}
+
+SANITIZER_INTERFACE_ATTRIBUTE int
+__dfsw_write(int fd, const void *buf, size_t count,
+             dfsan_label fd_label, dfsan_label buf_label,
+             dfsan_label count_label, dfsan_label *ret_label) {
+  if (write_callback_info.write_callback != NULL) {
+    write_callback_info.write_callback_trampoline(
+        ((void*)write_callback_info.write_callback),
+        fd, buf, count,
+        fd_label, buf_label, count_label);
+  }
+
+  int ret = write(fd, buf, count);
+
+  dfsan_label result_label = 0;
+  if (flags().strict_data_dependencies) {
+    result_label = dfsan_read_label(buf, count);
+    result_label = dfsan_union(result_label, fd_label);
+    result_label = dfsan_union(result_label, count_label);
+  }
+  *ret_label = result_label;
+
+  return ret;
+}
 }
Index: lib/dfsan/done_abilist.txt
===================================================================
--- lib/dfsan/done_abilist.txt
+++ lib/dfsan/done_abilist.txt
@@ -24,6 +24,8 @@
 fun:dfsan_has_label=discard
 fun:dfsan_has_label_with_desc=uninstrumented
 fun:dfsan_has_label_with_desc=discard
+fun:dfsan_set_write_callback=uninstrumented
+fun:dfsan_set_write_callback=custom
 
 ###############################################################################
 # glibc
@@ -142,7 +144,6 @@
 fun:syscall=discard
 fun:unlink=discard
 fun:uselocale=discard
-fun:write=discard
 
 # Functions that produce output does not depend on the input (need to zero the
 # shadow manually).
@@ -192,6 +193,10 @@
 fun:strrchr=custom
 fun:strstr=custom
 
+# Functions which take action based on global state, such as running a callback
+# set by a separate function.
+fun:write=custom
+
 # Functions that take a callback (wrap the callback manually).
 fun:dl_iterate_phdr=custom
 
Index: test/dfsan/custom.c
===================================================================
--- test/dfsan/custom.c
+++ test/dfsan/custom.c
@@ -702,6 +702,94 @@
   ASSERT_READ_ZERO_LABEL(fd, sizeof(fd));
 }
 
+static int write_callback_count = 0;
+void write_callback(int fd, const void *buf, size_t count) {
+  write_callback_count++;
+}
+
+void test_write() {
+  char buf[] = "Sample chars";
+  int buf_len = strlen(buf);
+
+  int fd = open("/dev/null", O_WRONLY);
+
+  dfsan_set_write_callback(write_callback);
+
+  write_callback_count = 0;
+
+  // Callback should be invoked even if no data is labeled.
+  int res = write(fd, buf, buf_len);
+  assert(write_callback_count == 1);
+  ASSERT_READ_ZERO_LABEL(&res, sizeof(res));
+
+  // Add a label to buf[3].
+  dfsan_set_label(i_label, &(buf[3]), 1);
+  res = write(fd, buf, buf_len);
+  assert(write_callback_count == 2);
+#ifdef STRICT_DATA_DEPENDENCIES
+  ASSERT_READ_LABEL(&res, sizeof(res), i_label);
+#else
+  ASSERT_READ_ZERO_LABEL(&res, sizeof(res));
+#endif
+
+  buf[3] = 'S';  // Clear the label on buf[3].
+  dfsan_set_label(j_label, &fd, sizeof(fd));  // Set a label on fd.  
+  res = write(fd, buf, buf_len);
+  assert(write_callback_count == 3);
+  ASSERT_READ_ZERO_LABEL(&(buf[3]), 1);
+
+#ifdef STRICT_DATA_DEPENDENCIES
+  ASSERT_READ_LABEL(&res, sizeof(res), j_label);
+#else
+  ASSERT_READ_ZERO_LABEL(&res, sizeof(res));
+#endif
+
+  // The presence of a callback should make no difference to
+  // the label values returned.
+  dfsan_set_write_callback(NULL);
+
+  // Label the count argument to write().
+  int labeled_buf_len = buf_len;
+  dfsan_set_label(i_label, &labeled_buf_len, sizeof(labeled_buf_len));
+  res = write(fd, buf, labeled_buf_len);
+  assert(write_callback_count == 3);
+
+  // fd and count are labeled.  In strict mode, the output is the
+  // union of their labels.
+#ifdef STRICT_DATA_DEPENDENCIES
+  ASSERT_READ_LABEL(&res, sizeof(res), i_j_label);
+#else
+  ASSERT_READ_ZERO_LABEL(&res, sizeof(res));
+#endif
+
+  // All arguments to write() get labled data.
+  dfsan_set_label(i_label, &(buf[6]), 2);
+  res = write(fd, buf, buf_len);
+  assert(write_callback_count == 3);
+
+#ifdef STRICT_DATA_DEPENDENCIES
+  ASSERT_READ_LABEL(&res, sizeof(res), i_j_label);
+#else
+  ASSERT_READ_ZERO_LABEL(&res, sizeof(res));
+#endif
+}
+
+void test_dfsan_set_write_callback() {
+  dfsan_write_callback_t previous_callback;
+
+  // The function under test adds a callback invoked by write().  test_write()
+  // verifies that the set callback is invoked.  This function tests aspects of
+  // dfsan_set_write_callback() that do not involve calling write().
+
+  // Check that when setting a new callback, the previous callback
+  // is returned.
+  previous_callback = dfsan_set_write_callback(write_callback);
+  assert(NULL == previous_callback);
+
+  previous_callback = dfsan_set_write_callback(NULL);
+  assert(write_callback == previous_callback);
+}
+
 int main(void) {
   i_label = dfsan_create_label("i", 0);
   j_label = dfsan_create_label("j", 0);
@@ -755,4 +843,6 @@
   test_strtoul();
   test_strtoull();
   test_time();
+  test_write();
+  test_dfsan_set_write_callback();
 }
Index: test/dfsan/write_callback.c
===================================================================
--- test/dfsan/write_callback.c
+++ test/dfsan/write_callback.c
@@ -0,0 +1,171 @@
+// RUN: %clang_dfsan                                                   -m64 %s -o %t && \
+// RUN: DFSAN_OPTIONS="strict_data_dependencies=0" %t %T/file1.txt
+// RUN: %clang_dfsan                            -mllvm -dfsan-args-abi -m64 %s -o %t && \
+// RUN: DFSAN_OPTIONS="strict_data_dependencies=0" %t %T/file2.txt
+// RUN: %clang_dfsan -DSTRICT_DATA_DEPENDENCIES                        -m64 %s -o %t && \
+// RUN:  %t %T/file3.txt
+// RUN: %clang_dfsan -DSTRICT_DATA_DEPENDENCIES -mllvm -dfsan-args-abi -m64 %s -o %t && \
+// RUN: %t %T/file4.txt
+
+// Tests that callback installed with dfsan_set_write_callback() is
+// called when labeled data is passed in to write().
+
+#include <sanitizer/dfsan_interface.h>
+
+#include <assert.h>
+#include <errno.h>
+#include <fcntl.h>
+#include <string.h>
+#include <unistd.h>
+
+// Check write callback arguments by having the callback store them in
+// the following variables:
+static int last_callback_arg_fd;
+static const void *last_callback_arg_buf;
+static size_t last_callback_arg_count;
+
+// Allow tests to check the number of callbacks made by incrementing
+// this count.  When callbacks are verified, the count is reset.
+static int count_unverified_callbacks = 0;
+
+static void write_callback(int fd, const void *buf, size_t count) {
+  // Do not do anything in this function that might call write().
+  count_unverified_callbacks++;
+
+  last_callback_arg_fd = fd;
+  last_callback_arg_buf = buf;
+  last_callback_arg_count = count;
+}
+
+static int open_empty_file(char* filePath) {
+  mode_t mode = S_IRUSR | S_IWUSR;
+  int fd = open(filePath, O_WRONLY | O_CREAT | O_TRUNC, mode);
+  assert(fd != -1);
+  return fd;
+}
+
+static void write_string_to_file(char *filePath, char *string) {
+  int fd = open_empty_file(filePath);
+
+  char *cur = string;
+  int bytes_left = strlen(string);
+  while (bytes_left > 0) {
+    int res = write(fd, cur, bytes_left);
+    assert (res >= 0);
+    cur += res;
+    bytes_left -= res;
+  }
+
+  close(fd);
+}
+
+static int read_string_from_file(char* filePath, char* buf, int byteLimit) {
+  int fd = open(filePath, O_RDONLY);
+
+  char* cur = buf;
+  int bytesRead = 0;
+  while (bytesRead < byteLimit) {
+    int result = read(fd, cur, byteLimit - bytesRead);
+    assert(result >= 0);
+
+    if (result == 0)
+      break;  // End of file.
+
+    cur += result;
+    bytesRead += result;
+  }
+
+  close(fd);
+  return bytesRead;
+}
+
+static int compare_file_to_string(char *filePath, char *string) {
+  // Read one more byte than the length of the expected string.  If the file has
+  // extra data, comparing the exta byte will ensure that the comparison fails.
+  int lengthToRead = strlen(string) + 1;
+  char stringFromFile[lengthToRead];
+  read_string_from_file(filePath, stringFromFile, lengthToRead);
+  return strcmp(string, stringFromFile);
+}
+
+void test_can_write_without_callback(char* filePath) {
+  dfsan_set_write_callback(NULL);
+  count_unverified_callbacks = 0;
+
+  char aString[] = "I am a string.";
+  write_string_to_file(filePath, aString);
+  assert(0 == compare_file_to_string(filePath, aString));
+
+  assert(count_unverified_callbacks == 0);
+}
+
+void test_can_write_with_callback(char* filePath) {
+  dfsan_set_write_callback(NULL);
+
+  // Install a callback.  Check that the callback being replaced is NULL.
+  dfsan_write_callback_t previous_callback =
+      dfsan_set_write_callback(write_callback);
+  assert(NULL == previous_callback);
+
+  count_unverified_callbacks = 0;
+
+  char aString[] = "I am a string.";
+  write_string_to_file(filePath, aString);
+  assert(0 == compare_file_to_string(filePath, aString));
+
+  // Data was written to the file, so at least one call to write() was made.
+  // Because a write may not process all the bytes it is passed, there
+  // may have been several calls to write.
+  assert(count_unverified_callbacks > 0);
+  count_unverified_callbacks = 0;
+
+  previous_callback = dfsan_set_write_callback(NULL);
+  assert(write_callback == previous_callback);
+}
+
+void test_failing_write_runs_callback(char* filePath) {
+  // Open the file in read-only mode.
+  int fd = open(filePath, O_RDONLY);
+  assert(fd != -1);
+
+  // Install the callback.
+  dfsan_set_write_callback(write_callback);
+
+  int data = 1;
+  dfsan_label data_label = dfsan_create_label("data", 0);
+  dfsan_set_label(data_label, &data, sizeof(data));
+
+  char text_with_label[] = "This text will be labeled\n";
+  text_with_label[15] = (char)('a' + data);
+
+  // Write to the read-only file handle.  The write will fail, but the callback
+  // should still be invoked.
+  int len = strlen(text_with_label);
+  int write_result = write(fd, text_with_label, len);
+  assert(write_result == -1);
+
+  assert(count_unverified_callbacks == 1);
+  count_unverified_callbacks = 0;
+
+  assert(fd == last_callback_arg_fd);
+  assert(text_with_label == last_callback_arg_buf);
+  assert(len == last_callback_arg_count);
+
+  assert(data_label == dfsan_read_label(last_callback_arg_buf, len));
+#ifdef STRICT_DATA_DEPENDENCIES
+  assert(data_label == dfsan_read_label(&write_result, sizeof(write_result)));
+#else
+  assert(0 == dfsan_read_label(&write_result, sizeof(write_result)));
+#endif
+
+  close(fd);
+}
+
+int main(int argc, char* argv[]) {
+  assert(argc == 2);  // Expect a path to a file we can write.
+  char *filepath = argv[1];
+
+  test_can_write_without_callback(filepath);
+  test_can_write_with_callback(filepath);
+  test_failing_write_runs_callback(filepath);
+}