I think they provide the tools to jailbreak. With a kernel exploit to trigger it may be possible to bypass, but then it becomes a cat and mouse game, which would presumably be easier for the vendor to win (detect any program running as root, any root kits, etc, all which can be added in surprise patches). Plus, if you provide an official jailbreak, that removes some incentive for security researchers to discover new jailbreaks.