I think you are using the new 64 bits version, i didn't try because i have not 64bits devices.
With run-as /pathtofile you can dump to stdout any file(with run-as permissions), so to find out if is working in your device or is a permissions issue to /init try:
try different files and see if you get the output in your console.
You will get some information of files with size>= init.patch, for the exploit purposes.
Maybe the run-as user has not selinux permissions to dump init, which android are you using?
only run-as /init.rc gives result
i see the content in the console
run-as -f gives:
Error, no read access to /init.
Do you know how can i patch the adbd? i have dumped the adbd with the run-as dirtycow.
Maybe we can try to do something with an insecure adbd.