From the ubuntu-phone@ thread:
"Based on conversations with tvoss and jjohansen, it sounds like the best course of action is to implement option #2 here: write a shim on the Ubuntu side that apps talk to the binder camera service and have the binder camera service verify the apparmor label (profile name) of the connecting process to limit access to it to only the shim."
From the ubuntu-phone@ thread:
"Based on conversations with tvoss and jjohansen, it sounds like the best course of action is to implement option #2 here: write a shim on the Ubuntu side that apps talk to the binder camera service and have the binder camera service verify the apparmor label (profile name) of the connecting process to limit access to it to only the shim."