Isn't it mega-easy? Just have a read-only connector where user requests are filtered to be safe. And have another connector where you can flash firmware, etc. Will be much easier than making every sensor/device security aware.
This can be extended, for example, to filter communications with the entertainment system to accept only communications that are expected from that system. Kind of layer 7 firewalling/proxying. I have not read about the attack vectors available but I don't see any other sensible solution.
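
The gateway idea in the comment above, as an added example that is not part of the original comment: a default-deny filter that tags each message with the connector it arrived on and forwards only what is expected from that connector. The port names, device names, message kinds and size limits are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Message:
    source: str   # connector the message arrived on (set by the gateway, not the sender)
    target: str   # device the message is addressed to
    kind: str     # "read", "write" or "flash"
    length: int   # payload size in bytes

# Default-deny policy (constructed): per connector, the (target, kind) pairs expected from it.
ALLOW = {
    "user":         {("engine", "read"), ("brakes", "read")},          # read-only connector
    "service":      {("engine", "read"), ("engine", "flash"),
                     ("brakes", "flash")},                             # flashing connector
    "infotainment": {("speed_sensor", "read"), ("speakers", "write")},
}
MAX_LEN = {"read": 8, "write": 64, "flash": 4096}  # constructed per-kind size limits

def check(msg):
    """Return (forward?, reason) for one message."""
    rules = ALLOW.get(msg.source)
    if rules is None:
        return False, "unknown source connector"
    if (msg.target, msg.kind) not in rules:
        return False, "not expected from this source"
    if not 0 <= msg.length <= MAX_LEN[msg.kind]:
        return False, "bad payload length"
    return True, "ok"

def filter_traffic(messages):
    """Split traffic into forwarded messages and (message, reason) drops for logging."""
    forwarded, dropped = [], []
    for msg in messages:
        ok, reason = check(msg)
        if ok:
            forwarded.append(msg)
        else:
            dropped.append((msg, reason))
    return forwarded, dropped

# Constructed sample traffic.
SAMPLE = [
    Message("user", "engine", "read", 8),
    Message("user", "engine", "flash", 1024),       # flashing from the read-only connector
    Message("infotainment", "brakes", "write", 8),  # not something infotainment should send
    Message("service", "engine", "flash", 1024),
]

if __name__ == "__main__":
    fwd, drop = filter_traffic(SAMPLE)
    for m, why in drop:
        print("DROP", m, why)
```

The drop list doubles as a detection signal: a message that a connector should never send is worth logging even though it was blocked.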