diff --git a/kernel/core_hook.c b/kernel/core_hook.c
index 7fa351a7..5b81c2da 100644
--- a/kernel/core_hook.c
+++ b/kernel/core_hook.c
@@ -1010,6 +1010,17 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 			return 0;
 		}
 #endif // #ifdef CONFIG_KSU_SUSFS_SUS_SU
+		if (arg2 == CMD_SUSFS_ENABLE_AVC_LOG_SPOOFING) {
+			int error = 0;
+			if (arg3 != 0 && arg3 != 1) {
+				pr_err("susfs: CMD_SUSFS_ENABLE_AVC_LOG_SPOOFING -> arg3 can only be 0 or 1\n");
+				return 0;
+			}
+			susfs_set_avc_log_spoofing(arg3);
+			if (copy_to_user((void __user*)arg5, &error, sizeof(error)))
+				pr_info("susfs: copy_to_user() failed\n");
+			return 0;
+		}
 	}
 #endif //#ifdef CONFIG_KSU_SUSFS
 
diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index 918ab435..ebf19ff7 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -143,6 +143,7 @@ void ksu_apply_kernelsu_rules()
 #ifdef CONFIG_KSU_SUSFS
 	// Allow umount in zygote process without installing zygisk
 	ksu_allow(db, "zygote", "labeledfs", "filesystem", "unmount");
+	susfs_set_kernel_sid();
 	susfs_set_init_sid();
 	susfs_set_ksu_sid();
 	susfs_set_zygote_sid();
diff --git a/kernel/selinux/selinux.c b/kernel/selinux/selinux.c
index 5e1a7be6..7e85815b 100644
--- a/kernel/selinux/selinux.c
+++ b/kernel/selinux/selinux.c
@@ -14,9 +14,11 @@
 #ifdef CONFIG_KSU_SUSFS
 #define KERNEL_INIT_DOMAIN "u:r:init:s0"
 #define KERNEL_ZYGOTE_DOMAIN "u:r:zygote:s0"
+#define KERNEL_KERNEL_DOMAIN "u:r:kernel:s0"
 u32 susfs_ksu_sid = 0;
 u32 susfs_init_sid = 0;
 u32 susfs_zygote_sid = 0;
+u32 susfs_kernel_sid = 0;
 #endif
 
 static int transive_to_domain(const char *domain)
@@ -235,6 +237,11 @@ void susfs_set_init_sid(void)
 bool susfs_is_current_init_domain(void) {
 	return unlikely(current_sid() == susfs_init_sid);
 }
+
+void susfs_set_kernel_sid(void)
+{
+	susfs_set_sid(KERNEL_KERNEL_DOMAIN, &susfs_kernel_sid);
+}
 #endif
 
 #define DEVPTS_DOMAIN "u:object_r:ksu_file:s0"