Encrypted cross-platform SD Card with modern Android versions (15)
3 votes, 1 answer, 136 views
I want to extend my storage using an SD card. To ensure the data is secure even if the phone is lost or stolen, the SD Card should be encrypted. So formatting the card as portable storage is out.
Requirements:
- Encrypted
- Ability to decrypt and access data using a PC (Linux machine is fine)
- SD card should be usable by common apps.
  - Even when formatting the SD card as adoptable storage, some apps cannot be moved and don't give the option to use said adoptable storage. They do give the option to store their data on a card formatted as portable storage.
- Read/write speeds should not be significantly lower than when using SD card normally.
- Nice to have: I can still restrict which apps have access where to keep separation and avoid a shared storage space accessible to all apps.
I found a couple of other threads on this topic, however, it seems with newer Android versions and scoped storage, these previous methods have some limitations.
Considered options:
- Format as adoptable storage and move apps there.
  - Issue 1: not all apps can be moved, some data, like photos/videos are still stored internally.
  - Issue 2: Decryption isn't easily possible, guides such as [this one](https://android.stackexchange.com/questions/145443/how-to-decrypt-adopted-storage/145446#145446) appear to be outdated. I believe the encryption mode has changed. (If someone has pointers to adapt this to current versions of Android, I'd be thankful).
- Set up a LUKS encrypted partition. Various instructions exist on how to set this up in principle, including this [handy script](https://github.com/pegelf/Android-LUKS-mount/blob/e05de18a770cc63a04b86922d12e5af27f449666/01-mount-luks-sd.sh).
  - Seems to work in principle, in that I can mount and access the encrypted file system somewhere in `/storage/emulated/0/`. However, I've not been able to figure out how to get apps to actually be able to write to that mount, given the scoped storage concepts in Android -> permissions error.
  - Also, some apps don't provide the option to alter the location where they store data, as long as they don't believe an SD card is inserted (e.g. camera storing photos).
  - **EDIT:** Actually, my main issue here seems to be SELinux. If I `setenforce 0`, I can use this mount. I haven't found a way around this without significantly weakening security.
The perfect solution would be if I could get the phone to think it sees an SD card in "portable storage" mode, which is actually a LUKS-encrypted partition on the card under the hood. Any ideas/pointers on how to set up something like this or similar?
Environment: rooted LineageOS 22.1
Asked by Jocbe (61 rep) Apr 11, 2025, 01:49 PM
Last activity: May 18, 2025, 12:16 PM
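To see which accesses SELinux is denying on a mount like the one described in the question, without switching enforcement off, the AVC denials can be grouped by source domain, target type and object class. The following Python is an added example, not part of the original post; the log lines, the device name `dm-7` and the contexts in them are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample in the kernel's AVC denial format. The pids, inodes,
# device name (dm-7) and SELinux contexts are illustrative, not from the post.
SAMPLE_LOG = '''\
type=1400 audit(0.0:1): avc: denied { write } for pid=6021 comm="Thread-12" name="DCIM" dev="dm-7" ino=12 scontext=u:r:untrusted_app:s0:c210,c256,c512,c768 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
type=1400 audit(0.0:2): avc: denied { search } for pid=6021 comm="Thread-12" name="/" dev="dm-7" ino=2 scontext=u:r:untrusted_app:s0:c210,c256,c512,c768 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
type=1400 audit(0.0:3): avc: denied { read write } for pid=6021 comm="Thread-12" name="a.jpg" dev="dm-7" ino=13 scontext=u:r:untrusted_app:s0:c210,c256,c512,c768 tcontext=u:object_r:unlabeled:s0 tclass=file permissive=0
type=1400 audit(0.0:4): avc: denied { search } for pid=2290 comm="binder:2290_3" name="/" dev="dm-7" ino=2 scontext=u:r:mediaprovider_app:s0:c77,c256,c512,c768 tcontext=u:object_r:unlabeled:s0 tclass=dir permissive=0
type=1400 audit(0.0:5): avc: denied { read } for pid=901 comm="sh" name="x" dev="tmpfs" ino=55 scontext=u:r:shell:s0 tcontext=u:object_r:tmpfs:s0 tclass=file permissive=0
'''

AVC_RE = re.compile(r'avc:\s+denied\s+\{(?P<perms>[^}]*)\}\s+for\s+(?P<rest>.*)')
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the key=value fields of one AVC denial line, or None if it is not one."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(m.group('rest'))}
    fields['perms'] = m.group('perms').split()
    return fields


def sel_type(context):
    """Extract the type from a context, e.g. u:r:untrusted_app:s0:c1,c2 -> untrusted_app."""
    parts = context.split(':')
    return parts[2] if len(parts) > 2 else context


def summarize(log, dev=None):
    """Map (source type, target type, class) -> sorted denied permissions.

    If dev is given, only denials on that block device are kept, so that
    unrelated denials elsewhere on the system do not clutter the result.
    """
    summary = defaultdict(set)
    for line in log.splitlines():
        f = parse_avc(line)
        if f is None or 'scontext' not in f or 'tcontext' not in f:
            continue
        if dev is not None and f.get('dev') != dev:
            continue
        key = (sel_type(f['scontext']), sel_type(f['tcontext']), f.get('tclass', '?'))
        summary[key].update(f['perms'])
    return {k: sorted(v) for k, v in summary.items()}


if __name__ == '__main__':
    for (src, tgt, cls), perms in summarize(SAMPLE_LOG, dev='dm-7').items():
        print(f'{src} -> {tgt}:{cls} {{ {" ".join(perms)} }}')
```

Run it over `dmesg` or `logcat` output captured while reproducing the failure, filtering on whatever name the mapper device of the LUKS volume has on the phone.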