diff --git a/kernel/app_profile.c b/kernel/app_profile.c
index 3a70f61d..fe0dbacc 100644
--- a/kernel/app_profile.c
+++ b/kernel/app_profile.c
@@ -13,7 +13,6 @@
 #include "selinux/selinux.h"
 #include "syscall_hook_manager.h"
 #include "sucompat.h"
-
 #include "sulog.h"
 #if LINUX_VERSION_CODE >= KERNEL_VERSION (6, 7, 0)
@@ -167,6 +166,39 @@ void escape_with_root_profile(void)
 #ifdef CONFIG_KSU_MANUAL_SU
+#include "ksud.h"
+
+#ifndef DEVPTS_SUPER_MAGIC
+#define DEVPTS_SUPER_MAGIC 0x1cd1
+#endif
+
+static int __manual_su_handle_devpts(struct inode *inode)
+{
+ if (!current->mm) {
+ return 0;
+ }
+
+ uid_t uid = current_uid().val;
+ if (uid % 100000 < 10000) {
+ // not untrusted_app, ignore it
+ return 0;
+ }
+
+ if (likely(!ksu_is_allow_uid_for_current(uid)))
+ return 0;
+
+#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) || defined(KSU_OPTIONAL_SELINUX_INODE)
+ struct inode_security_struct *sec = selinux_inode(inode);
+#else
+ struct inode_security_struct *sec =
+ (struct inode_security_struct *)inode->i_security;
+#endif
+ if (ksu_file_sid && sec)
+ sec->sid = ksu_file_sid;
+
+ return 0;
+}
+
 static void disable_seccomp_for_task(struct task_struct *tsk)
 {
 if (!tsk->seccomp.filter && tsk->seccomp.mode == SECCOMP_MODE_DISABLED)
@@ -271,7 +303,7 @@ void escape_to_root_for_cmd_su(uid_t target_uid, pid_t target_pid)
 if (target_task->signal->tty) {
 struct inode *inode = target_task->signal->tty->driver_data;
 if (inode && inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC) {
- __ksu_handle_devpts(inode);
+ __manual_su_handle_devpts(inode);
 }
 }
diff --git a/kernel/app_profile.h b/kernel/app_profile.h
index 80b2f916..46cfbcd8 100644
--- a/kernel/app_profile.h
+++ b/kernel/app_profile.h
@@ -2,6 +2,7 @@
 #define __KSU_H_APP_PROFILE
 #include
+#include "objsec.h"
 // Forward declarations
 struct cred;
diff --git a/kernel/sucompat.c b/kernel/sucompat.c
index 97e00082..028454a1 100644
--- a/kernel/sucompat.c
+++ b/kernel/sucompat.c
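Review bot: `__manual_su_handle_devpts` authorises the relabel against the calling context (`current->mm`, `current_uid()`, `ksu_is_allow_uid_for_current(uid)`), while its only visible caller, in the `@@ -271,7 +303,7 @@` hunk, passes an inode taken from `target_task->signal->tty`. Those checks were copied from the hook path this commit removes, where `current` was the process touching the pty; if `escape_to_root_for_cmd_su` can run on behalf of a different task (its body lies outside the hunks, so this is not confirmed), the gate either skips the relabel or tests the wrong uid, and the helper should take the target uid as a parameter or document that `current` must be the target. That call site also dereferences `inode->i_sb` without the NULL check the removed `ksu_handle_inode_permission` had; `if (inode && inode->i_sb && inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC) {` restores it. Since `sec->sid = ksu_file_sid` rewrites an SELinux label, a comment above the function such as `/* Relabel the pty inode to ksu_file_sid; only for allow-listed app uids (checked against current). */` would record the intended gate.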
@@ -193,39 +193,6 @@ int ksu_handle_execve_sucompat(const char __user **filename_user,
 return 0;
 }
-int __ksu_handle_devpts(struct inode *inode)
-{
-
-#ifdef KSU_MANUAL_HOOK
- if (!ksu_su_compat_enabled)
- return 0;
-#endif
-
- if (!current->mm) {
- return 0;
- }
-
- uid_t uid = current_uid().val;
- if (uid % 100000 < 10000) {
- // not untrusted_app, ignore it
- return 0;
- }
-
- if (likely(!ksu_is_allow_uid_for_current(uid)))
- return 0;
-
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(5, 1, 0) || defined(KSU_OPTIONAL_SELINUX_INODE)
- struct inode_security_struct *sec = selinux_inode(inode);
-#else
- struct inode_security_struct *sec =
- (struct inode_security_struct *)inode->i_security;
-#endif
- if (ksu_file_sid && sec)
- sec->sid = ksu_file_sid;
-
- return 0;
-}
-
 // sucompat: permitted process can execute 'su' to gain root access.
 void ksu_sucompat_init()
 {
diff --git a/kernel/syscall_hook_manager.c b/kernel/syscall_hook_manager.c
index 9eba26e2..d39b5959 100644
--- a/kernel/syscall_hook_manager.c
+++ b/kernel/syscall_hook_manager.c
@@ -208,7 +208,6 @@ static inline bool check_syscall_fastpath(int nr)
 case __NR_faccessat:
 case __NR_execve:
 case __NR_setresuid:
- case __NR_faccessat2:
 case __NR_clone:
 case __NR_clone3:
 return true;
@@ -235,38 +234,13 @@ int ksu_handle_init_mark_tracker(const char __user **filename_user,
 return 0;
 }
-
-#include "ksud.h"
 #ifdef CONFIG_KSU_MANUAL_SU
 #include "manual_su.h"
-#endif
-
-#ifndef LOOKUP_FOLLOW
-#define LOOKUP_FOLLOW 0x0001
-#endif
-
-static inline void ksu_handle_inode_permission(struct pt_regs *regs)
-{
- struct inode *inode = NULL;
- struct path path;
- int dfd = (int)PT_REGS_PARM1(regs);
- const char __user *filename = (const char __user *)PT_REGS_PARM2(regs);
-
- if (!user_path_at(dfd, filename, LOOKUP_FOLLOW, &path)) {
- inode = path.dentry->d_inode;
- if (inode && inode->i_sb &&
- unlikely(inode->i_sb->s_magic == DEVPTS_SUPER_MAGIC))
- __ksu_handle_devpts(inode);
- path_put(&path);
- }
-}
-
 static inline void ksu_handle_task_alloc(struct pt_regs *regs)
 {
-#ifdef CONFIG_KSU_MANUAL_SU
 ksu_try_escalate_for_uid(current_uid().val);
-#endif
 }
+#endif
 #ifdef CONFIG_HAVE_SYSCALL_TRACEPOINTS
 // Generic sys_enter handler that dispatches to specific handlers
@@ -318,10 +292,6 @@ static void ksu_sys_enter_handler(void *data, struct pt_regs *regs, long id)
 return;
 }
- // Handle inode_permission via faccessat
- if (id == __NR_faccessat || id == __NR_faccessat2)
- return ksu_handle_inode_permission(regs);
-
 #ifdef CONFIG_KSU_MANUAL_SU
 // Handle task_alloc via clone/fork
 if (id == __NR_clone || id == __NR_clone3)
diff --git a/kernel/syscall_hook_manager.h b/kernel/syscall_hook_manager.h
index b19d617b..79253af8 100644
--- a/kernel/syscall_hook_manager.h
+++ b/kernel/syscall_hook_manager.h
@@ -11,12 +11,6 @@
 #include "selinux/selinux.h"
 #include "objsec.h"
-#ifndef DEVPTS_SUPER_MAGIC
-#define DEVPTS_SUPER_MAGIC 0x1cd1
-#endif
-
-extern int __ksu_handle_devpts(struct inode *inode); // sucompat.c
-
 // Hook manager initialization and cleanup
 void ksu_syscall_hook_manager_init(void);
 void ksu_syscall_hook_manager_exit(void);
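Review bot: The added `#endif` in the `@@ -235,38 +234,13 @@` hunk closes a `#ifdef CONFIG_KSU_MANUAL_SU` that now wraps both `#include "manual_su.h"` and the whole of `ksu_handle_task_alloc`, so a trailing marker, `#endif /* CONFIG_KSU_MANUAL_SU */`, would make the extent of the guard readable. The function also lacks a comment: it ignores `regs` and calls `ksu_try_escalate_for_uid(current_uid().val)` for whatever task is current, and the context of the following hunk suggests it is reached on `__NR_clone`/`__NR_clone3` entry, so any authorisation has to live inside `ksu_try_escalate_for_uid`, which is not visible here and is worth confirming. A line such as `/* Called on clone/clone3 entry; relies on ksu_try_escalate_for_uid() to check that this uid may escalate. */` would state that dependency.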