There should be a simple standard way to fake/limit all permissions.
For example, the app wants to access your contacts. Instead of "yes or no", you choose a subset of contacts that the app is allowed to see: could be all, could be none, could be a selected set (perhaps a special set of fake contacts). Whatever you choose, the app is told that these are all the contacts that exist on your phone.
If the app wants to access the camera, the options are: actual camera, always black pixels, a selected static picture, a selected picture that is shaking to add extra realism. Whatever you choose, the app is told that this is the actual camera.
If the app wants to access the disk, you could specify that a new directory should be created and the app would be told that this directory is the entire disk. Etc.
For example, the app wants to access your contacts. Instead of "yes or no", you choose a subset of contacts that the app is allowed to see: could be all, could be none, could be a selected set (perhaps a special set of fake contacts). Whatever you choose, the app is told that these are all the contacts that exist on your phone.
If the app wants to access the camera, the options are: actual camera, always black pixels, a selected static picture, a selected picture that is shaking to add extra realism. Whatever you choose, the app is told that this is the actual camera.
If the app wants to access the disk, you could specify that a new directory should be created and the app would be told that this directory is the entire disk. Etc.