How does Android enforce permissions?

Question

I have read several articles about the "Android Security Model" (1, 2, 3 and more). I understand the theoretical MAC model of permissions, and most of what is relevant for application development. But there is seemingly very little documentation about extensive low-level details of:

1. How permissions are ACTUALLY enforced at system-level. That is, using JNI, what will stop me from directly accessing hardware such as the GPS? (I realize there might be a fallback on linux documentation, unrelated to Android, answering this, or an even more general and classic OS solution to this problem).
2. What actually happens on the execution stack and which functions are called when utilizing Android ICC.

Can anybody refer me to an explaination and/or relevant code segments from Android?

//EDIT: To clarify things (because it seems commenters were confused), the question in the title is split here in two seperate (quite different) questions. The first answer here indeed answers the first question, regarding low-level mechanisms that exist in ARM processor (thanks). The second question regarding ICC procedure calls remains unanswered...

Answer 1

In the end, it's the processor itself that allows the OS to set kernel/privileged/supervisor mode vs. user/unprivileged modes of execution. Without escalating to a privileged mode, you can't enable/disable/configure interrupts, access certain peripherals, and/or violate memory boundaries (depending on the architecture). See, for example, this documentation for the ARM A8 processors.

If you want higher privileges, the only thing you can do is trigger a system call interrupt with the SWI instruction, passing the system call handler a number to inform it of what you want to do. It's up to that handler to decide whether you can or cannot access the hardware directly.

This is what stops you from directly accessing the GPS in the end. I can't help you with the software side of things.