In Android, my understanding is that an application declares a list of permissions that it needs in the manifest file and during runtime, it makes a request to perhaps the Reference monitor which then decides whether this application has that permission.
Is it possible (without having root or having to modify Android's source code) to write a third-party application that can just intercept these requests (the requests that an application queries the Reference monitor with to check if it has the permission or not)? If yes, can someone give me some pointers on how to go about doing this?
Android app permissions are managed by the Linux kernel. Follow the zygote fork code to see where this happens.
There is no "do I have permission" call. The app tries to use a resource (open a socket, create a file on an SD card) and the kernel either allows it or doesn't.