I'm noticing that Google Chrome (Version 65.0.3325.181 (Official Build) (64-bit) — current version as of writing this question) has enabled my MBP camera and, perhaps, the microphone:
$ lsof | grep "AppleCamera"
Google 1466 areynolds txt REG 1,6 354304 4305421720 /Library/CoreMediaIO/Plug-Ins/DAL/AppleCamera.plugin/Contents/MacOS/AppleCamera
$ ps -p 1466
PID TTY TIME CMD
1466 ?? 0:38.47 /Applications/Google Chrome.app/Contents/MacOS/Google Chrome
I have no tabs open (just one window, which defaults to https://www.google.com). I have also disabled all Chrome extensions and apps.
I went into Chrome's settings and set the switches to require sites that use the camera and microphone to first ask my permission.
How do I stop Google Chrome from enabling my camera and microphone without permission? If relevant or useful, I am running OS X 10.13.4.
EDIT
Perhaps an alternative or more general question is: Given that this application is accessing the camera without permission, is there a way in OS X to block access to the AppleCamera device (or any particular device, generally) on a per-application level, as a general security measure? Is there a way to lock down OS X to this degree (perhaps via LDAP attributes used via OS X Server/Open Directory)?
Best Answer
You have presumed too much from the software's name. The CoreMediaIO Device Abstraction Layer (DAL)
Apple.Camera.plugindoes not control the camera, and wouldn't know how to control it even if you gave it permission. It has one job: to manage video (and muxed) streams from video devices that are already streaming. With no hardware driver running in the kernel, there can be no power sent to the camera--no kext, no power, no picture: Apple DocumentationSo, why is it running? It helps avoid a little wait time when it is called into actual use. It's been there for well over ten years, and if
AppleCamera.pluginwas a vector for intrusion, we'd have heard much sooner.