Sigh, this was not clear. Option #2 is: write a shim on the Ubuntu side that apps talk to. The shim talks to the binder camera service. The binder camera service verifies the AppArmor label of the connecting process and rejects all connections not from the shim.
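The label check described in the comment above, sketched as an added example that is not part of the original comment or the project's code. It assumes the service learns the caller's PID and reads its label from `/proc/<pid>/attr/current`; the label `camera-shim` and all function names are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical AppArmor label of the shim's profile (assumption). */
#define SHIM_LABEL "camera-shim"

/* Copy the label out of "label (mode)\n" or "unconfined\n"; 0 on success. */
static int parse_label(const char *raw, char *out, size_t outsz) {
    size_t len = strcspn(raw, "\n");
    if (len > 0 && raw[len - 1] == ')') {      /* strip trailing " (mode)" */
        size_t i = len;
        while (i > 0 && raw[i - 1] != '(') i--;
        if (i >= 2 && raw[i - 2] == ' ') len = i - 2;
    }
    if (len == 0 || len >= outsz) return -1;
    memcpy(out, raw, len);
    out[len] = '\0';
    return 0;
}

/* Allow only an exact match on the shim label; everything else is denied. */
static int peer_allowed(const char *raw) {
    char label[256];
    if (parse_label(raw, label, sizeof label) != 0) return 0;
    return strcmp(label, SHIM_LABEL) == 0;
}

/* Look up the caller's label by PID; fail closed on any read error. */
static int pid_allowed(long pid) {
    char path[64], raw[512];
    snprintf(path, sizeof path, "/proc/%ld/attr/current", pid);
    FILE *f = fopen(path, "r");
    if (!f) return 0;
    size_t n = fread(raw, 1, sizeof raw - 1, f);
    fclose(f);
    raw[n] = '\0';
    return peer_allowed(raw);
}

int main(void) {
    /* Constructed sample values, not captured from a real device. */
    const char *samples[] = { "camera-shim (enforce)\n", "unconfined\n",
                              "camera-shim-evil (enforce)\n", "" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%d\n", peer_allowed(samples[i]));
    printf("self: %d\n", pid_allowed(-1));
    return 0;
}
```

A lookup keyed on PID can race with PID reuse if the caller exits between connecting and the check, so the decision should be made while the caller is still blocked in the transaction.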