i actually got a little further with the "system" privilege given here.
but not close enough to gain root, sadly.
One of the old way to allow access to /dev/block filesystem is getting a dyn. link to that device, by having a folder in like /data/av_logging set as dyn. link to mmcblk0p11 and when init.rc boots and set ownership, it will switch the device into having 777 rights and you can easily read and dump that file system.
problem was that even with 777, i could not write back the dump of /system, like done on other devices with this trick.
with debugfs, you can actually make a "su" duplicate in /data/local/tmp and access this with debugfs command and change the su command (using write su su) and change owner to 0 and use 0105777 and rights.
debugfs -w /dev/mmcblk0p14
write su su2
and you can update the su2 command to have root rights. sadly the SuperSU.apk works only partly, since /data is a nosuid partition and i cannot write to /system with debugfs.
maybe this can help others, maybe not!