Tags: android, android-source, android-permissions

How are Android permissions verified?


I've downloaded the android source. I want to understand how in the backend the permissions for an app are verified.

For instance, if an app tries to access the camera, how does the OS verify whether it has the permission in its manifest file or not?

More specifically I want to explore the exact source folder.

Edit: After a few digs at the code, and thanks to the explanation from Stephan, I was able to find that in framework/base/data/etc/platform.xml we find the list of permissions and their assigned uid or gid.

Location, Contacts, etc. seem to have been given access to shell. E.g.:

<assign-permission name="android.permission.READ_CONTACTS" uid="shell" />

So does that mean that when an app has the READ_CONTACTS permission in its manifest file, it has access by default? I mean, where is the validation performed?


Solution

  • Take a look at this book for a partial answer: Embedded Android

    I couldn't confirm that I had the right answer from that book, but here is my own interpretation of that book as it relates to your question. Please, anyone, feel free to correct my interpretation at any time. I don't pretend to know the answer for sure. And hopefully, my own interpretation of this permission system will help you find the right place where the code is doing the work, because I haven't located that part either.

    I believe these kinds of permissions are all handled transparently at the Linux file group id permissions level. Android is essentially an operating system sitting on and making use of another operating system.

    In Android, when a system camera first gets installed, Linux assigns it its own user id, along with its own home directory, it gets listed in something called the Services Manager (not to be confused with higher level Android Services which are something else entirely), and it also gets a group id (a single group id representing the entry point for possibly multiple cameras: front camera, back camera, and a second back camera in case you have a 3-D phone). That group id (gid) is essentially an integer that got mapped out at installation time, from the string constant representing the permission for the camera.

    In Linux, every app is a user, and every app is also a directory; but also in Linux everything is a file: even an empty directory is a file, a device is a file, and even I/O can be a file.

    And here is where I believe things get a bit counter-intuitive. With Linux, each user app comes with its own blank sandbox for it to run its own process. And in Linux, the permission itself is used by Binder to access the handle of the system app in question and bind it with your application. So without that handle of the system app and all the possible environment variables that come with it, your own app simply won't be able to even know how to run anything outside of its sandbox. It would be just like writing a program and leaving out the relevant import statements.

    And that is why in Android, when leaving out a permission for a function you're using, the system doesn't directly tell you "You don't have permission to do this". The system doesn't even know that much. The system only knows that you tried to run something that it couldn't find/access (for whatever reason, it could just have been a typo inside your source file for all it knows). And so most of the time when you just forget to include a permission, the system will just give you a big puzzled look on its face, just like if you had been speaking martian to it.

    And it's only more recently that the Android development tool creators have been getting better at giving us hints that we may have forgotten to include a specific permission. Forgetting a permission is such an easy error to make, especially among beginners. It's an error that could be made to disappear permanently, with the right IDE/toolchain automation tool.
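An added example, not code from the question, the answer, or AOSP, that models the two enforcement paths this thread touches on. It parses a constructed platform.xml fragment written in the real file's element shapes: a `<permission>` with a `<group gid="…"/>` child maps a manifest permission to a Linux supplementary gid that the app's process is given at install time (so the kernel or file ownership can enforce it, e.g. INTERNET maps to the inet group), while `<assign-permission name="…" uid="shell"/>` grants a permission to one fixed uid without any manifest at all, which is why READ_CONTACTS appears next to shell in the question. Permissions that have no gid mapping (READ_CONTACTS for an ordinary app, and CAMERA as left unmapped in this fragment) exist only as strings in the package manager's grant table and are checked by the system service that serves the Binder call, through PackageManagerService.checkUidPermission (reached from Context.checkCallingPermission / enforceCallingPermission), not by the kernel. The grant logic is the install-time model of the era of the post (before runtime permissions in Android 6.0); the uids, the selection of permissions in the fragment, and the function names are illustrative assumptions.

```python
"""Model of how platform.xml feeds Android permission enforcement.

Added example, not AOSP code.  PLATFORM_XML is a constructed fragment that
uses the real element shapes of frameworks/base/data/etc/platform.xml but is
not a copy of any release's file.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

# Constructed platform.xml fragment (real element shapes, illustrative content).
PLATFORM_XML = """
<permissions>
    <!-- Manifest permissions that map to a Linux supplementary gid. -->
    <permission name="android.permission.INTERNET">
        <group gid="inet" />
    </permission>
    <permission name="android.permission.BLUETOOTH_ADMIN">
        <group gid="net_bt_admin" />
    </permission>
    <permission name="android.permission.WRITE_EXTERNAL_STORAGE">
        <group gid="sdcard_rw" />
    </permission>
    <!-- Permissions handed to fixed uids regardless of any manifest. -->
    <assign-permission name="android.permission.READ_CONTACTS" uid="shell" />
    <assign-permission name="android.permission.WRITE_CONTACTS" uid="shell" />
</permissions>
"""


def parse_platform_xml(text):
    """Return (perm_to_gids, uid_to_perms) from a platform.xml document."""
    root = ET.fromstring(text)
    perm_to_gids = {}
    uid_to_perms = {}
    for perm in root.findall("permission"):
        perm_to_gids[perm.get("name")] = {g.get("gid") for g in perm.findall("group")}
    for assign in root.findall("assign-permission"):
        uid_to_perms.setdefault(assign.get("uid"), set()).add(assign.get("name"))
    return perm_to_gids, uid_to_perms


@dataclass
class AppRecord:
    uid: str          # illustrative uid name, e.g. "u0_a12" or "shell"
    granted: set      # permission strings recorded for this package
    gids: set         # supplementary gids the app's process is started with


def install_app(uid, manifest_perms, perm_to_gids):
    """Install-time grant model (pre-Android 6.0): every requested permission
    is granted, and each one with a <group> mapping adds that gid to the
    process.  Permissions without a mapping leave no trace at the kernel."""
    granted = set(manifest_perms)
    gids = set()
    for perm in granted:
        gids |= perm_to_gids.get(perm, set())
    return AppRecord(uid=uid, granted=granted, gids=gids)


def kernel_check(app, required_gid):
    """Kernel- or filesystem-level enforcement: the process either carries
    the gid (e.g. inet for socket creation) or it does not."""
    return required_gid in app.gids


def framework_check(app, permission, uid_to_perms):
    """Models PackageManagerService.checkUidPermission: a string lookup on
    the caller's uid that a system service performs before serving a Binder
    call.  assign-permission entries apply to the uid, not to a package."""
    if permission in app.granted:
        return True
    return permission in uid_to_perms.get(app.uid, set())


if __name__ == "__main__":
    perm_to_gids, uid_to_perms = parse_platform_xml(PLATFORM_XML)
    app = install_app("u0_a12", ["android.permission.INTERNET",
                                 "android.permission.CAMERA"], perm_to_gids)
    shell = install_app("shell", [], perm_to_gids)
    print("app gids:", sorted(app.gids))
    print("app may open sockets (kernel, gid inet):", kernel_check(app, "inet"))
    print("app CAMERA (framework string check):",
          framework_check(app, "android.permission.CAMERA", uid_to_perms))
    print("app READ_CONTACTS:",
          framework_check(app, "android.permission.READ_CONTACTS", uid_to_perms))
    print("shell READ_CONTACTS (assign-permission, no manifest):",
          framework_check(shell, "android.permission.READ_CONTACTS", uid_to_perms))
```

Running it shows that the app's process carries only the inet gid, that CAMERA and READ_CONTACTS are never visible at the gid level and succeed or fail purely on the string lookup, and that the shell uid passes the READ_CONTACTS check with no manifest because the assign-permission entry is keyed on the uid, which is what the question's platform.xml line expresses.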