diff --git a/private/compat/26.0/26.0.ignore.cil b/private/compat/26.0/26.0.ignore.cil
index 8b9415ab38a2e115068240321cdcebb55c3606a9..b0b5f19b402947352f0b40cf972bb3e25b749508 100644
--- a/private/compat/26.0/26.0.ignore.cil
+++ b/private/compat/26.0/26.0.ignore.cil
@@ -62,6 +62,9 @@
     incident_helper
     incident_helper_exec
     kmsg_debug_device
+    llkd
+    llkd_exec
+    llkd_tmpfs
     last_boot_reason_prop
     mediaprovider_tmpfs
     netd_stable_secret_prop
diff --git a/private/compat/27.0/27.0.ignore.cil b/private/compat/27.0/27.0.ignore.cil
index 86aa8908880942d8b3401d55fe5d0519ec148aab..d2ab474775cc4536330991ec306b932bdb055e95 100644
--- a/private/compat/27.0/27.0.ignore.cil
+++ b/private/compat/27.0/27.0.ignore.cil
@@ -54,6 +54,9 @@
     incident_helper
     incident_helper_exec
     last_boot_reason_prop
+    llkd
+    llkd_exec
+    llkd_tmpfs
     lowpan_device
     lowpan_prop
     lowpan_service
diff --git a/private/file_contexts b/private/file_contexts
index 393993aa842ab7a20db8bb000d758d8b583520a3..b55fb9d381c357d2586c974ee35f4135523d75b5 100644
--- a/private/file_contexts
+++ b/private/file_contexts
@@ -249,6 +249,7 @@
 /system/bin/dnsmasq     u:object_r:dnsmasq_exec:s0
 /system/bin/healthd     u:object_r:healthd_exec:s0
 /system/bin/clatd	u:object_r:clatd_exec:s0
+/system/bin/llkd        u:object_r:llkd_exec:s0
 /system/bin/lmkd        u:object_r:lmkd_exec:s0
 /system/bin/usbd   u:object_r:usbd_exec:s0
 /system/bin/inputflinger u:object_r:inputflinger_exec:s0
diff --git a/private/genfs_contexts b/private/genfs_contexts
index eca489c28fb71e7f316552fd84354c90419671f0..c0769182613698dd0f6d285ae400322023c2b2a2 100644
--- a/private/genfs_contexts
+++ b/private/genfs_contexts
@@ -38,7 +38,7 @@ genfscon proc /sys/kernel/domainname u:object_r:proc_hostname:s0
 genfscon proc /sys/kernel/dmesg_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/hostname u:object_r:proc_hostname:s0
 genfscon proc /sys/kernel/hotplug u:object_r:usermodehelper:s0
-genfscon proc /sys/kernel/hung_task_timeout_secs u:object_r:proc_hung_task:s0
+genfscon proc /sys/kernel/hung_task_ u:object_r:proc_hung_task:s0
 genfscon proc /sys/kernel/kptr_restrict u:object_r:proc_security:s0
 genfscon proc /sys/kernel/modprobe u:object_r:usermodehelper:s0
 genfscon proc /sys/kernel/modules_disabled u:object_r:proc_security:s0
diff --git a/private/llkd.te b/private/llkd.te
new file mode 100644
index 0000000000000000000000000000000000000000..54c6d049b96183ec5b2d1c3400e44d11e15d3e8b
--- /dev/null
+++ b/private/llkd.te
@@ -0,0 +1,32 @@
+# llkd Live LocK Daemon
+typeattribute llkd coredomain;
+
+init_daemon_domain(llkd)
+
+allow llkd self:global_capability_class_set kill;
+
+# llkd optionally locks itself in memory, to prevent it from being
+# swapped out and unable to discover a kernel in live-lock state.
+allow llkd self:global_capability_class_set ipc_lock;
+
+# Send kill signals to _anyone_ suffering from Live Lock
+allow llkd domain:process sigkill;
+
+# live lock watchdog process allowed to look through /proc/
+allow llkd domain:dir r_dir_perms;
+allow llkd domain:file r_file_perms;
+allow llkd domain:lnk_file read;
+# Set /proc/sys/kernel/hung_task_*
+allow llkd proc_hung_task:file rw_file_perms;
+
+# live lock watchdog process allowed to dump process trace and
+# reboot because orderly shutdown may not be possible.
+allow llkd proc_sysrq:file w_file_perms;
+allow llkd kmsg_device:chr_file w_file_perms;
+
+### neverallow rules
+
+neverallow { domain -init } llkd:process { dyntransition transition };
+
+# never honor LD_PRELOAD
+neverallow * llkd:process noatsecure;
diff --git a/public/llkd.te b/public/llkd.te
new file mode 100644
index 0000000000000000000000000000000000000000..afc508d4f659e12169e97cc093d24b2e63be3cb2
--- /dev/null
+++ b/public/llkd.te
@@ -0,0 +1,3 @@
+# llkd Live LocK Daemon
+type llkd, domain, mlstrustedsubject;
+type llkd_exec, exec_type, file_type;