Interesting side note:
By design, Android lets any app escalate its privileges to root when SELinux is disabled:
https://www.reddit.com/r/Android/comments/lfye5r/comment/gmo...Therefore, just the boot parameter injection can be used to get temporary root privileges on a whole bunch of phones.