Based on a new commit found in the Android code review repository, it looks like Android P is going to have a significant security improvement built into it. The commit suggests that idle apps will no longer have access to the camera and it looks like it will be universal across all apps.
If a UID is idle (being in the background for more than cartain (sp) amount of time) it should not be able to use the camera. If the UID becomes idle we generate an eror (sp) and close the cameras for this UID. If an app in an idle UID tries to use the camera we immediately generate an error. Since apps already should handle these errors it is safe to apply this policy to all apps to protect user privacy.
Today, a rogue app could access your camera without you knowing, even if that app is running in the background.
This new commit would effectively eliminate that possibility. While the odds are long that a developer would do this, it is technically possible in Android today.
As with any commit, you have to be a little careful to read to much into it, especially on a version of Android that has not been release or even confirmed officially by Google. But assuming this stands, and given that it has been merged into the codes base it likely will, this is a great step towards user privacy on devices that will run P.
Source: XDA Developers