Would there be any way to have no rules and just have the kernel display it as enforcing, just to get certian apps to work? (maybe releasing that and not letting people know would be a bad idea, for actual security reasons
)
I'm not an expert, but I don't think there is a way to have no rules and selinux enforcing. Of course, you could have possibly have one rule or rules that says allow everything and turn on selinux enforcing.
That would be the equivalent of a firewall rule allowing everything into your home router.
I only use my devices whether I built the rom or not with throwaway email addresses/identites. I don't login to anything, never use banking apps and in 2021 moving away from all things google or big tech related.
If someone steals my device or it's compromised due to the security vulnerabilities, it's not a big deal as there's nothing to connect me to anything important.
BTW, the kernel which the Samsung Tab A/E uses hasn't been updated in 3.5 years as per
The end of the 3.10 branch is a good opportunity to have a look back at how that worked, and to remind some important rules regarding how to...
wtarreau.blogspot.com
Not to mention all the proprietary blobs that exist in the device with possible security vulnerabilities.
So yes, having selinux enforcing is important, but keep in mind the bigger picture above.
And yes, there are tools which will generate the selinux rules by reading the adb logcat, but do you blindly trust that tool and simply grant everything it recommends?