Comment 2 for bug 1340345

Regarding the file permissions: since apps run in the user's session under the user's UID, apps would have this access. Apps with the camera policy group (a common policy group available to apps without restriction) would then be able to access the socket. I'm not sure what you mean by 'as a user by the same name'. Apps can fork and change their exec line to fake being another app's executable. Can you elaborate?