On devices running Android 11 or higher, the Android
framework supports system
cameras, which are camera devices that are visible only to processes with the
android.permission.SYSTEM_CAMERA permission and regular camera permissions.
The android.permission.SYSTEM_CAMERA permission, introduced in
Android 11, has
a protection level of system|signature. This means that only apps installed on
the system partition with or signed with the same certificate as the system can
be granted this permission. Third-party public apps can't access system cameras.
System cameras are useful for device manufacturers that want to implement features that require access to a camera but are also restricted to privileged or system apps.
Because systems apps that are granted the
android.permission.SYSTEM_CAMERA permission must also have the
android.permission.CAMERA
permission, users can choose to revoke normal CAMERA permissions to prevent
such an app from accessing the cameras on the device.
Implementation
To make a particular camera device a system camera, the camera HAL must
advertise
ANDROID_REQUEST_AVAILABLE_CAPABILITIES_SYSTEM_CAMERA
in its capabilities list.
To create an app that has access to a system camera, the app must be allowlisted
in the device-specific privapp-permissions.xml file, which specifies the apps
that the
android.permission.SYSTEM_CAMERA
permission must be granted to.
Validation
To verify that no system cameras on the device can be discovered by a public
app, run the
android.permission.cts.Camera2PermissionTest.testSystemCameraDiscovery CTS
test.
All camera CTS tests run on system camera devices.