On your regular Android root device (which will use the Superuser application and its corresponding su binary) applications that request root access can only execute commands with root privileges through the su binary code.
So, yes , since the application itself still works as an undirected user process, so all it needs to do using the “normal” APIs is still need the correct permissions. Therefore, if you want (as in your example) to access the camera using the regular Java API, you will not be able to do this if you did not declare this permission.
But no , if the application requests and receives root privileges through the su binary, you can do anything inside this command. Therefore, if you wrote a special binary or script that can access the camera outside the usual API methods, this might work. (I suspect this will be more trouble than it's worth).