I know some permissions(like sdcard_rw,network,etc)is checked by Linux kernel.But other permissions?Like location,receive boot_boardcast, camera,etc. If they're checked by Android framework. Could we write code instead of the framework to use this without permissions?
Can we write code to instead the default Android API.
Should I read the source code of Android?
Sorry,I am a beginner of Android , and my English is poor.
Have a look at the LocationManager Sourcecode. The code is scattered with
throws SecurityException statements, every function call that might fail because of permission reasons should check the permission.
VoicemailContentProvider does this too, have a look at it's source to get an idea how it's implemented.
EDIT: my previous statement about checking on bind time is only partially true, this might be the case for older Android versions, current implementations seem to check permission on every access to the secured resources to allow for revoking through the settings application and runtime permission granting (a background process will fail to insert contacts when the permission is revoked, even if it never created a new binding to the ContactsProvider.)