we are using "stock~ish" brightness values, so i think it is as low as it can get, not 100% sure really. i dont mess with brightness tables that often
If you are using magisk, since Nov. you must go to magisk settings and enable "Magisk Hide" otherwise it will not pass.
if you are not using magisk, safetynet will pass just fine unrooted.
magisk hide is now mandatory until magisk gets updated to patch whatever new detection google added
this seems like some issue with CSC, i advise to reinstall and manually select your country from the omc list. also a clean flash is probably needed
TLDR; permissive is "insecure" and allows anything to write/read from the entire device, sepolicy defines what is allowed to R/W what.
so this is making your device less secure.
however, this will heavily depend on WHAT you do on your phone, if you install "fishy" apps or bad cracked apps, you run a higher risk compared to being enforced, as rough apps wont be able to access restricted domains when enforced.
permissive is the other way around, it gives full access. on such ported ROMs, we need it so our old incompatible HALs / Drivers to work and interface with android properly. without it we run into issues ranging from not being able to boot, all the way to having camera , graphics etc broken.
so just be careful what you install. and you should be fine, i have personally never faced security issues caused by permissive domains, but that does not mean they dont exist.