diff --git a/sepolicy/base/public/domain.te b/sepolicy/base/public/domain.te
index 02bf69ab7e23307b80930947352187a779e20a35..c8d51ae57c6bc08d717a18a2f8dc54c5fbda4444 100644
--- a/sepolicy/base/public/domain.te
+++ b/sepolicy/base/public/domain.te
@@ -284,7 +284,7 @@ neverallow { domain -console -init -hdcd -sh -faultloggerd -riladapter_host
 #limit execmem use
 neverallow { domain -hap_domain } self:process execmem;
-neverallow { domain -processdump -download_server -netmanager -softbus_server -wifi_hal_service -resource_schedule_service -camera_host -usb_host
+neverallow { domain -processdump -download_server -netmanager -softbus_server -wifi_hal_service -resource_schedule_service -usb_host
 -hidumper_service -hap_domain } domain:process ptrace;
 # limit capability use.
diff --git a/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_host.te b/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_host.te
index 028d7eeee2b81bee8fe0456ff30185820f6a4edb..39d09f169eafe98fa25b6ec9e457aa0dfff30352 100644
--- a/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_host.te
+++ b/sepolicy/ohos_policy/drivers/adapter/vendor/hdf_host.te
@@ -107,7 +107,6 @@ allow vibrator_host hdf_vibrator_interface_service:hdf_devmgr_class { add };
 #avc: denied { add } for service=camera_service pid=348 scontext=u:r:camera_host:s0 tcontext=u:object_r:hdf_camera_service:s0 tclass=hdf_devmgr_class permissive=1
 #avc: denied { call } for pid=439 comm="PREVIEW#2" scontext=u:r:camera_host:s0 tcontext=u:r:dcamera:s0 tclass=binder permissive=0
 allow camera_host camera_host:netlink_kobject_uevent_socket { bind bind create read create };
-allow camera_host camera_host:process { ptrace };
 allow camera_host camera_service:binder { call transfer };
 allow camera_host data_log:file { read write };
 allow camera_host dev_dri_file:chr_file { getattr ioctl open read write };
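Review bot: The ptrace neverallow in domain.te is the only one of the three rules visible in this hunk without a heading comment (its neighbours carry `#limit execmem use` and `# limit capability use.`), and nothing records why each remaining exempted domain needs ptrace. I would add `# limit ptrace use; every exempted source domain needs a recorded justification` directly above the rule. The rule's target is all of `domain`, so each exemption left in the list (for example `-hap_domain`) still permits policy that allows ptrace on any process, whereas the allow rule this commit removes from hdf_host.te was self-ptrace only. Whether the other exemptions could be narrowed or dropped in the same way cannot be told from this hunk.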