Allowing the owner of the device root access doesn't necessarily break the security model. It just means that the user can grant additional privileges to specific apps the owner has decided to trust. Every other app still has to abide by the restrictions.

The fact that Android complains and tells any app that asks whether the owner actually, you know, owns the device they paid for is an implementation detail.

A Linux distribution that adopts an Android style security model could easily still provide the owner root access while locking down less trusted apps in such a way that the apps can't know or care whether the device is rooted.