I'm trying to restrict apps in Android by modifying source code. I was able to get it working for Internet, but I was not able to restrict apps from using Camera or Location?
Internet permission is enforced at linux process level with group-id. But I Camera/Location are not enforced the same way.
So I want to know what is the best place to restrict the apps for these permissions. Are checkCallingPermission() enforceCallingPermission() methods the right ones?
I may be wrong but it looks like you are trying to reinvent the bicycle. The correct way to go about this would be to use SEAndroid:
http://selinuxproject.org/page/SEAndroid
What you are trying to do is one of many security enhancements offered and you would not need to modify source code every time you need to change something, just update the security policy. Specifically, Middleware MAC would do the trick.
Yes, you're right. In these methods you can put your hooks where you will check if a permission should be restricted for an application. We did similar check when we were implementing CRePE (enter link description here).