It defaults to a silently fail permission policy, and notifies you when an app is requesting access. You can then chose to deny, allow, deny always, or allow always.
It's the antidote to Android's insane security model where all users see is "do you want to be able to run this app?".
Second this. Privacy Guard in CM11 solves this and is quite simple to configure. Add to this Droidwall and whitelist only the apps you need and you have a fairly god setup.
It defaults to a silently fail permission policy, and notifies you when an app is requesting access. You can then chose to deny, allow, deny always, or allow always.
It's the antidote to Android's insane security model where all users see is "do you want to be able to run this app?".