build(deps): bump the maven group across 1 directory with 10 updates

Bumps the maven group with 10 updates in the /manager directory:

| Package | From | To |
| --- | --- | --- |
| androidx.navigation:navigation-compose | `2.9.0` | `2.9.2` |
| androidx.compose:compose-bom | `2025.06.00` | `2025.07.00` |
| androidx.lifecycle:lifecycle-runtime-ktx | `2.9.1` | `2.9.2` |
| androidx.lifecycle:lifecycle-runtime-compose | `2.9.1` | `2.9.2` |
| androidx.lifecycle:lifecycle-viewmodel-compose | `2.9.1` | `2.9.2` |
| com.android.application | `8.10.1` | `8.11.1` |
| com.android.library | `8.10.1` | `8.11.1` |
| [org.jetbrains.kotlin.android](https://github.com/JetBrains/kotlin) | `2.1.21` | `2.2.0` |
| [org.jetbrains.kotlin.plugin.compose](https://github.com/JetBrains/kotlin) | `2.1.21` | `2.2.0` |
| [com.google.devtools.ksp](https://github.com/google/ksp) | `2.1.21-2.0.2` | `2.2.0-2.0.2` |



Updates `androidx.navigation:navigation-compose` from 2.9.0 to 2.9.2

Updates `androidx.compose:compose-bom` from 2025.06.00 to 2025.07.00

Updates `androidx.lifecycle:lifecycle-runtime-ktx` from 2.9.1 to 2.9.2

Updates `androidx.lifecycle:lifecycle-runtime-compose` from 2.9.1 to 2.9.2

Updates `androidx.lifecycle:lifecycle-viewmodel-compose` from 2.9.1 to 2.9.2

Updates `androidx.lifecycle:lifecycle-runtime-compose` from 2.9.1 to 2.9.2

Updates `androidx.lifecycle:lifecycle-viewmodel-compose` from 2.9.1 to 2.9.2

Updates `com.android.application` from 8.10.1 to 8.11.1

Updates `com.android.library` from 8.10.1 to 8.11.1

Updates `com.android.library` from 8.10.1 to 8.11.1

Updates `org.jetbrains.kotlin.android` from 2.1.21 to 2.2.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.1.21...v2.2.0)

Updates `org.jetbrains.kotlin.plugin.compose` from 2.1.21 to 2.2.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.1.21...v2.2.0)

Updates `org.jetbrains.kotlin.plugin.compose` from 2.1.21 to 2.2.0
- [Release notes](https://github.com/JetBrains/kotlin/releases)
- [Changelog](https://github.com/JetBrains/kotlin/blob/master/ChangeLog.md)
- [Commits](https://github.com/JetBrains/kotlin/compare/v2.1.21...v2.2.0)

Updates `com.google.devtools.ksp` from 2.1.21-2.0.2 to 2.2.0-2.0.2
- [Release notes](https://github.com/google/ksp/releases)
- [Commits](https://github.com/google/ksp/compare/2.1.21-2.0.2...2.2.0-2.0.2)

---
updated-dependencies:
- dependency-name: androidx.navigation:navigation-compose
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: androidx.compose:compose-bom
  dependency-version: 2025.07.00
  dependency-type: direct:production
  dependency-group: maven
- dependency-name: androidx.lifecycle:lifecycle-runtime-ktx
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: androidx.lifecycle:lifecycle-runtime-compose
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: androidx.lifecycle:lifecycle-viewmodel-compose
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: androidx.lifecycle:lifecycle-runtime-compose
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: androidx.lifecycle:lifecycle-viewmodel-compose
  dependency-version: 2.9.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: maven
- dependency-name: com.android.application
  dependency-version: 8.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: com.android.library
  dependency-version: 8.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: com.android.library
  dependency-version: 8.11.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.jetbrains.kotlin.android
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.jetbrains.kotlin.plugin.compose
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: org.jetbrains.kotlin.plugin.compose
  dependency-version: 2.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
- dependency-name: com.google.devtools.ksp
  dependency-version: 2.2.0-2.0.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: maven
...

Signed-off-by: dependabot[bot] <support@github.com>

kernel/core_hook.c

@@ -62,7 +62,7 @@ static inline bool is_allow_su()
 	return ksu_is_allow_uid(current_uid().val);
 }
 
-static inline bool is_unsupported_app_uid(uid_t uid)
+static inline bool is_unsupported_uid(uid_t uid)
 {
 #define LAST_APPLICATION_UID 19999
 	uid_t appid = uid % 100000;
@@ -505,13 +505,14 @@ int ksu_handle_prctl(int option, unsigned long arg2, unsigned long arg3,
 	return 0;
 }
 
-static bool is_non_appuid(kuid_t uid)
+static bool is_appuid(kuid_t uid)
 {
 #define PER_USER_RANGE 100000
 #define FIRST_APPLICATION_UID 10000
+#define LAST_APPLICATION_UID 19999
 
 	uid_t appid = uid.val % PER_USER_RANGE;
-	return appid < FIRST_APPLICATION_UID;
+	return appid >= FIRST_APPLICATION_UID && appid <= LAST_APPLICATION_UID;
 }
 
 static bool should_umount(struct path *path)
@@ -583,25 +584,13 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 		return 0;
 	}
 
-	if (is_non_appuid(new_uid)) {
-#ifdef CONFIG_KSU_DEBUG
-		pr_info("handle setuid ignore non application uid: %d\n", new_uid.val);
-#endif
+	if (!is_appuid(new_uid) || is_unsupported_uid(new_uid.val)) {
+		// pr_info("handle setuid ignore non application or isolated uid: %d\n", new_uid.val);
 		return 0;
 	}
 
-	// isolated process may be directly forked from zygote, always unmount
-	if (is_unsupported_app_uid(new_uid.val)) {
-#ifdef CONFIG_KSU_DEBUG
-		pr_info("handle umount for unsupported application uid: %d\n", new_uid.val);
-#endif
-		goto do_umount;
-	}
-
 	if (ksu_is_allow_uid(new_uid.val)) {
-#ifdef CONFIG_KSU_DEBUG
-		pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
-#endif
+		// pr_info("handle setuid ignore allowed application: %d\n", new_uid.val);
 		return 0;
 	}
 
@@ -613,11 +602,11 @@ int ksu_handle_setuid(struct cred *new, const struct cred *old)
 #endif
 	}
 
-do_umount:
 	// check old process's selinux context, if it is not zygote, ignore it!
 	// because some su apps may setuid to untrusted_app but they are in global mount namespace
 	// when we umount for such process, that is a disaster!
-	if (!is_zygote(old->security)) {
+	bool is_zygote_child = is_zygote(old->security);
+	if (!is_zygote_child) {
 		pr_info("handle umount ignore non zygote child: %d\n",
 			current->pid);
 		return 0;

kernel/selinux/rules.c

@@ -19,7 +19,7 @@
 static struct policydb *get_policydb(void)
 {
 	struct policydb *db;
-	struct selinux_policy *policy = rcu_dereference(selinux_state.policy);
+	struct selinux_policy *policy = selinux_state.policy;
 	db = &policy->policydb;
 	return db;
 }
@@ -189,6 +189,8 @@ static void reset_avc_cache()
 
 int handle_sepolicy(unsigned long arg3, void __user *arg4)
 {
+	struct policydb *db;
+
 	if (!arg4) {
 		return -1;
 	}
@@ -206,9 +208,9 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 	u32 cmd = data.cmd;
 	u32 subcmd = data.subcmd;
 
-	rcu_read_lock();
+	mutex_lock(&ksu_rules);
 
-	struct policydb *db = get_policydb();
+	db = get_policydb();
 
 	int ret = -1;
 	if (cmd == CMD_NORMAL_PERM) {
@@ -458,7 +460,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 	}
 
 exit:
-	rcu_read_unlock();
+	mutex_unlock(&ksu_rules);
 
 	// only allow and xallow needs to reset avc cache, but we cannot do that because
 	// we are in atomic context. so we just reset it every time.

manager/gradle/libs.versions.toml

@@ -1,10 +1,10 @@
 [versions]
-agp = "8.10.1"
-kotlin = "2.1.21"
-ksp = "2.1.21-2.0.2"
-compose-bom = "2025.06.00"
-lifecycle = "2.9.1"
-navigation = "2.9.0"
+agp = "8.12.0"
+kotlin = "2.2.0"
+ksp = "2.2.0-2.0.2"
+compose-bom = "2025.07.00"
+lifecycle = "2.9.2"
+navigation = "2.9.3"
 activity-compose = "1.10.1"
 kotlinx-coroutines = "1.10.2"
 coil-compose = "2.7.0"