diff --git a/app.te b/app.te
index c7f7c2e898c8d2878d3a2a0de4fd0a194742ee80..48db05d077b62dc6a02c4b2bd4f993a05026c4ba 100644
--- a/app.te
+++ b/app.te
@@ -251,11 +251,12 @@ neverallow appdomain dev_type:blk_file { read write };
 # Access to any of the following character devices.
 neverallow appdomain {
     audio_device
-    video_device
+    camera_device
     dm_device
-    radio_device
     gps_device
+    radio_device
     rpmsg_device
+    video_device
 }:chr_file { read write };
 
 # Note: Try expanding list of app domains in the future.
diff --git a/device.te b/device.te
index 0fc90c51db6516222c1cb6ebf7f77b5dd61f3417..06006b26dde849471af13933d84178a4ce6972a3 100644
--- a/device.te
+++ b/device.te
@@ -6,6 +6,7 @@ type ashmem_device, dev_type, mlstrustedobject;
 type audio_device, dev_type;
 type binder_device, dev_type, mlstrustedobject;
 type block_device, dev_type;
+type camera_device, dev_type;
 type dm_device, dev_type;
 type loop_device, dev_type;
 type pmsg_device, dev_type, mlstrustedobject;