Comment by michaelmrose

If changing this permission requires root access then malware can only access it after they have obtained root access to your machine basically after you have already lost.

It this seems too insecure one could gate such a feature behind a physical switch on the device.

If this is indeed still not secure enough one could require a physical switch AND a password or token ensuring that the person physically holding the device can still be restricted by the owner in case the two aren't one in the same while providing all owners absolute privilege on their own hardware.