I haven't read anywhere whether 4.3 requires the system to be mounted non-suid or merely operates that way by default. If it's not actually required, it shouldn't be too difficult to re-enable suid mount from a custom recovery (but I don't know about the SELinux parts).

Conceivably, this would allow the DRM subsystems to easily detect root-able systems (and perhaps even using some sort of active probing to check whether the kernel has been modified to lie about suid mount status).