I'm also interested in this question. Running with selinux=permissive is high risk, and it seems irresponsible that such a large proportion of unofficial ROMs disable selinux. LineageOS makes it mandatory to run selinux in enforcing mode in their official ROMs for good reason.
With selinux disabled, it is trivial for malicious code in an app to permanently root the device and gain full control over it, giving malicious actors the ability to access and exploit your personal information that exists within your other apps or perform other malicious activity without the user knowing. Given that there is a PoC on github that shows how to do this, you can bet that this exploit is already out in the wild.
@Awesometic, I appreciate and respect that you put a lot of your personal time and effort into this (it's a lot more than I do), but I think this concern is valid. Can you eli5 why you haven't set selinux=enforcing in your builds, and if it is possible, what it would take to achieve this?
You're right, SELinux permissive is not safe from hacking. I know why making it enforce is important, but the reason is the time for sure.
As the main purpose of this development is to make the tablet usable again, SELinux enforcing is not a priority one since we all know the SELinux job takes so much time while that is not that important for normal use of the tablet.
So for now I wouldn't say that I will do that job in the future.