diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 5a8ebc8d..1678db5f 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -123,8 +123,11 @@ void escape_to_root(void)
 BUILD_BUG_ON(sizeof(profile->capabilities.effective) != sizeof(kernel_cap_t));
- // capabilities
- memcpy(&cred->cap_effective, &profile->capabilities.effective,
+ // setup capabilities
+ // we need CAP_DAC_READ_SEARCH becuase `/data/adb/ksud` is not accessible for non root process
+ // we add it here but don't add it to cap_inhertiable, it would be dropped automaticly after exec!
+ u64 cap_for_ksud = profile->capabilities.effective | CAP_DAC_READ_SEARCH;
+ memcpy(&cred->cap_effective, &cap_for_ksud, sizeof(cred->cap_effective));
 memcpy(&cred->cap_inheritable, &profile->capabilities.effective, sizeof(cred->cap_inheritable));
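Review bot: `CAP_DAC_READ_SEARCH` is a capability number (an index into the set), not a bitmask, so `profile->capabilities.effective | CAP_DAC_READ_SEARCH` on the new `u64 cap_for_ksud` line sets bit 1 — the position of CAP_DAC_OVERRIDE — and never raises CAP_DAC_READ_SEARCH itself; unless the profile already carries both, the effective set ends up broader than the comment describes while still lacking the capability the comment says is needed. The mask should be `(1ULL << CAP_DAC_READ_SEARCH)`, or better, keep the original memcpy and raise the bit through the kernel helper, `cap_raise(cred->cap_effective, CAP_DAC_READ_SEARCH);`, which also avoids copying a plain `u64` into a `kernel_cap_t` whose layout the existing BUILD_BUG_ON checks only against the profile field, not against `cap_for_ksud`. The cap_inheritable memcpy below is unchanged, so the inheritable set is unaffected either way. escape_to_root begins and ends outside this hunk.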