kernel: support the case that init_task.mnt_ns != zygote.mnt_ns(WSA) (#698)

Basic support for the case that init_task.mnt_ns != zygote.mnt_ns(WSA),
just copy nsproxy and fs pointers for solve #276.

Note the copy in `apk_sign.c` is not required but suggested for
secure(ensure the checked mnt_ns is what ns android running, not created
by user, although many distributions does not have user ns.).

Tested with latest release on Win10 19045.3086(with WSAPatch).

Further review required for:
- [x] Security of this operation (without locking).
- [x] The impact of these modifications on other Android distributions.

kernel/kernel_compat.h

@@ -14,38 +14,13 @@
 #define ksu_strncpy_from_user_nofault strncpy_from_user
 #endif
 
+#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
 extern struct key *init_session_keyring;
+#endif
 
+extern void ksu_android_ns_fs_check();
+extern struct file *ksu_filp_open_compat(const char *filename, int flags, umode_t mode);
 extern ssize_t ksu_kernel_read_compat(struct file *p, void *buf, size_t count, loff_t *pos);
 extern ssize_t ksu_kernel_write_compat(struct file *p, const void *buf, size_t count, loff_t *pos);
 
-#if LINUX_VERSION_CODE < KERNEL_VERSION(4, 10, 0)
-static inline int install_session_keyring(struct key *keyring)
-{
-	struct cred *new;
-	int ret;
-
-	new = prepare_creds();
-	if (!new)
-		return -ENOMEM;
-
-	ret = install_session_keyring_to_cred(new, keyring);
-	if (ret < 0) {
-		abort_creds(new);
-		return ret;
-	}
-
-	return commit_creds(new);
-}
-#define KWORKER_INSTALL_KEYRING()                           \
-	static bool keyring_installed = false;                  \
-	if (init_session_keyring != NULL && !keyring_installed) \
-	{                                                       \
-		install_session_keyring(init_session_keyring);      \
-		keyring_installed = true;                           \
-	}
-#else
-#define KWORKER_INSTALL_KEYRING()
-#endif
-
 #endif