If I call socket() function in JNI C methods, the application will still fail with a permission error. And if I put a uses-permission line in AndroidManifest.xml, the problem is fixed.
So it seems Android permission check is not implemented in Dalvik virtual machine since I’m calling a native C function and still gets checked. I would like to know how where check is performed, in Android kernel, or the application is traced with something like ptrace to intercept every system call, or any other way. Many thanks.
The checks are performed by the Linux kernel, using group membership to determine access rights.
If you look in the zygote fork code in the VM you can see it using setgroups() to set the supplementary groups IDs. If you chase it around a bit in the app framework code you can see where it determines the permissions and passes them down to forkAndSpecialize().