diff --git a/native/jni/core/daemon.cpp b/native/jni/core/daemon.cpp
index 5eeb77c18..bcc661e14 100644
--- a/native/jni/core/daemon.cpp
+++ b/native/jni/core/daemon.cpp
@@ -160,6 +160,7 @@ static void handle_request_async(int client, int code, const sock_cred &cred) {
 reboot();
 break;
 case MainRequest::ZYGISK:
+ case MainRequest::ZYGISK_PASSTHROUGH:
 zygisk_handler(client, &cred);
 break;
 default:
@@ -208,18 +209,24 @@ static void handle_request(pollfd *pfd) {
 bool is_zygote;
 int code;
- if (!get_client_cred(client, &cred))
+ if (!get_client_cred(client, &cred)) {
+ // Client died
 goto done;
+ }
 is_root = cred.uid == UID_ROOT;
 is_zygote = cred.context == "u:r:zygote:s0";
- if (!is_root && !is_zygote && !is_client(cred.pid))
+ if (!is_root && !is_zygote && !is_client(cred.pid)) {
+ // Unsupported client state
+ write_int(client, MainResponse::ACCESS_DENIED);
 goto done;
+ }
 code = read_int(client);
-
- if (code < 0 || code >= MainRequest::END || code == MainRequest::_SYNC_BARRIER_)
+ if (code < 0 || code >= MainRequest::END || code == MainRequest::_SYNC_BARRIER_) {
+ // Unknown request code
 goto done;
+ }
 // Check client permissions
 switch (code) {
@@ -237,7 +244,14 @@ static void handle_request(pollfd *pfd) {
 break;
 case MainRequest::REMOVE_MODULES:
 if (!is_root && cred.uid != UID_SHELL) {
- write_int(client, MainResponse::ROOT_REQUIRED);
+ write_int(client, MainResponse::ACCESS_DENIED);
+ goto done;
+ }
+ break;
+ case MainRequest::ZYGISK:
+ if (!is_zygote) {
+ // Invalid client context
+ write_int(client, MainResponse::ACCESS_DENIED);
 goto done;
 }
 break;
@@ -252,7 +266,7 @@ static void handle_request(pollfd *pfd) {
 goto done;
 }
- // Handle complex requests in another thread
+ // Handle async requests in another thread
 exec_task([=] { handle_request_async(client, code, cred); });
 return;
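Review bot: With `case MainRequest::ZYGISK_PASSTHROUGH:` falling into the same `zygisk_handler(client, &cred)` call as ZYGISK, the handler cannot tell which outer request admitted the client, and the entry.cpp hunk at -401 removes the only place that compared the inner ZygiskRequest code against the caller's context. The permission switch in the -237 hunk requires `is_zygote` for ZYGISK alone, so a client admitted through ZYGISK_PASSTHROUGH (root or an is_client process, per the -208 check) appears free to send SETUP or any other zygote-only inner code; whether that is reachable depends on the switch's default branch, which is outside the hunk. A small way to restore the old invariant is to hand the handler the outer request, `zygisk_handler(client, &cred, code == MainRequest::ZYGISK_PASSTHROUGH)`, and have it reject `passthrough != (code == ZygiskRequest::PASSTHROUGH)` before its switch. handle_request_async starts and ends outside the hunk.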
@@ -422,8 +436,8 @@ int connect_daemon(int req, bool create) {
 case MainResponse::ROOT_REQUIRED:
 LOGE("Root is required for this operation\n");
 exit(-1);
- case MainResponse::INVALID_REQUEST:
- LOGE("Invalid request\n");
+ case MainResponse::ACCESS_DENIED:
+ LOGE("Access denied\n");
 exit(-1);
 default:
 __builtin_unreachable();
diff --git a/native/jni/include/daemon.hpp b/native/jni/include/daemon.hpp
index faa5fe92d..f4e87d3d8 100644
--- a/native/jni/include/daemon.hpp
+++ b/native/jni/include/daemon.hpp
@@ -28,6 +28,7 @@ enum : int {
 SQLITE_CMD,
 REMOVE_MODULES,
 ZYGISK,
+ ZYGISK_PASSTHROUGH,
 END,
 };
 }
@@ -38,7 +39,7 @@ enum : int {
 ERROR = -1,
 OK = 0,
 ROOT_REQUIRED,
- INVALID_REQUEST,
+ ACCESS_DENIED,
 END
 };
 }
diff --git a/native/jni/zygisk/deny/cli.cpp b/native/jni/zygisk/deny/cli.cpp
index 9100e20ec..3f8935394 100644
--- a/native/jni/zygisk/deny/cli.cpp
+++ b/native/jni/zygisk/deny/cli.cpp
@@ -35,10 +35,6 @@ void denylist_handler(int client, const sock_cred *cred) {
 int req = read_int(client);
 int res = DenyResponse::ERROR;
- if (req < 0 || req >= DenyRequest::END) {
- goto done;
- }
-
 switch (req) {
 case DenyRequest::ENFORCE:
 res = enable_deny();
@@ -60,9 +56,9 @@ void denylist_handler(int client, const sock_cred *cred) {
 ? DenyResponse::ENFORCED : DenyResponse::NOT_ENFORCED;
 break;
 default:
- __builtin_unreachable();
+ // Unknown request code
+ break;
 }
-done:
 write_int(client, res);
 close(client);
 }
diff --git a/native/jni/zygisk/entry.cpp b/native/jni/zygisk/entry.cpp
index 60ef396a4..143fd7288 100644
--- a/native/jni/zygisk/entry.cpp
+++ b/native/jni/zygisk/entry.cpp
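Review bot: `default: __builtin_unreachable();` stays in this switch even though the value being switched on is presumably a reply read back from the daemon socket, so a response outside the MainResponse range (a daemon binary built from a different revision, or a short or garbled read) is undefined behaviour in the client rather than an error. The rest of the commit replaces the same construct in denylist_handler and zygisk_handler with `break`, which makes this one the outlier. A defensive exit is cheap here: `default: LOGE("Unexpected daemon response\n"); exit(-1);`. connect_daemon starts and ends outside the hunk.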
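Review bot: `ZYGISK_PASSTHROUGH` is added without a comment, and nothing in the header says how it differs from ZYGISK; the main.cpp hunk shows it is what zygisk_main sends before writing ZygiskRequest::PASSTHROUGH, i.e. the entry for a caller that is not zygote. Inserting it after ZYGISK and before END leaves the existing values untouched, which matters because these ints travel over the socket between client and daemon. A one-line comment would record both points: `ZYGISK_PASSTHROUGH,  // zygisk_handler for non-zygote callers (zygisk_main); keep before END`. The enum's opening line is outside the hunk.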
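Review bot: The new default branch only breaks, so the ERROR reply for an unknown request now comes solely from the initial value of `res` in the -35 hunk, and that dependency is stated nowhere. The behaviour is fine, but the next person to give `res` a different initial value will silently change what unknown codes receive. Make it explicit on the initialiser: `int res = DenyResponse::ERROR;  // reply for request codes the switch below does not handle`. denylist_handler's opening lines are in the earlier hunk, not this one.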
@@ -401,13 +401,6 @@ static void get_moddir(int client) {
 void zygisk_handler(int client, const sock_cred *cred) {
 int code = read_int(client);
 char buf[256];
- if (code < ZygiskRequest::SETUP || code >= ZygiskRequest::END) {
- write_int(client, -1);
- return;
- }
- if (code != ZygiskRequest::PASSTHROUGH && cred->context != "u:r:zygote:s0") {
- return;
- }
 switch (code) {
 case ZygiskRequest::SETUP:
 setup_files(client, cred);
@@ -429,7 +422,8 @@ void zygisk_handler(int client, const sock_cred *cred) {
 get_moddir(client);
 break;
 default:
- __builtin_unreachable();
+ // Unknown code
+ break;
 }
 close(client);
 }
diff --git a/native/jni/zygisk/main.cpp b/native/jni/zygisk/main.cpp
index 3fbee0ed1..ed2b812c2 100644
--- a/native/jni/zygisk/main.cpp
+++ b/native/jni/zygisk/main.cpp
@@ -173,7 +173,8 @@ int zygisk_main(int argc, char *argv[]) {
 int is_64_bit = parse_int(argv[3]);
 if (fcntl(client, F_GETFD) < 0) return 1;
- if (int magiskd = zygisk_request(ZygiskRequest::PASSTHROUGH); magiskd >= 0) {
+ if (int magiskd = connect_daemon(MainRequest::ZYGISK_PASSTHROUGH); magiskd >= 0) {
+ write_int(magiskd, ZygiskRequest::PASSTHROUGH);
 write_int(magiskd, is_64_bit);
 if (read_int(magiskd) != 0) {
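Review bot: The removed block was the only reply for an out-of-range code (`write_int(client, -1)`); with it gone and the -422 hunk's default branch reduced to `break`, an unknown code gets no response and the client's pending read ends only when `close(client)` at the end of the handler tears the socket down. Any client that, like zygisk_main in the main.cpp hunk, blocks in `read_int(magiskd)` right after sending its code would then depend on read_int turning EOF into a failing value, which the hunk does not show. If that is the intended contract, say so in the default branch, `// Unknown code: no reply; the close() below ends the client's read`; otherwise restore a `write_int(client, -1)` there. The handler's switch continues past this hunk.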