I've released some example code (and docs) to inject your own JVM classes into any Android VM process (including system_server) and how to hijack system services using that mechanism.
In the process of explaining, I also elaborate a bit on how native code injection works for this project, as well as for the injection code I release earlier (inject-hook-cflumen @ GitHub)
It also includes some ramblings on how this could have been used to change how apps use root (su).
See the repo on GitHub
hi how to root my tablet galaxy tab a sm-t285