5

I'm wondering if Linux/Unix has something equivalent to the permission system in Android.

In Android there are permissions that an app needs to ask for, and that a user will see and need to approve when she installs a new app (for example, there are permissions for the camera and for accessing the network).

dr_
  • 29,602
sunyata
  • 153
  • AppArmor is very very slightly like that (it doesn't prompt, but a program's configuration file would list all the directories it wants to read/write, and AppArmor enforces that). – Ulrich Schwarz Dec 21 '16 at 08:42

2 Answers

5

Disclaimer: Not an Android developer!

You cannot really compare the systems like that. Although Android uses the Linux kernel, the operating system works differently than a "normal" GNU/Linux distribution.

Applications in Android run in a sandbox environment, without any rights at all outside of that environment. That is why applications must ask permission to access other parts of your Android system upon installation.

A "normal" GNU/Linux distribution does not work that way. When you install a usual program (GIMP for instance), it does not run in a sandbox environment. Thus, you do not have to grant GIMP access to your files.

When certain programs in a "normal" distribution want to do something that requires elevated (root) permissions (a package manager for instance), you will have to grant access for that program to do that certain task by typing in the root password. But for "normal" programs, that is not necessary.

I hope the above made things at least a little clearer! Maybe someone with deeper knowledge of Android will come along and write a more thorough answer.

Here is a great answer by @Stephen Kitt on permissions in GNU/Linux.
Here is a link on how permissions work in Android.

  • 3
    The reason for the Android permissions system is not as technical as you make it sound. The real reason is that the user mistrusts the application and has the option to review what privileges the application requests, and if they don't seem reasonable (e.g. an FM radio application wants to use the camera or microphone), the user is given the option to refuse to grant the privileges to the app. – Johan Myréen Dec 21 '16 at 08:23
  • @JohanMyréen Thanks. If you want to write an answer that better describes the differences, I'll be more than happy to upvote it. –  Dec 21 '16 at 08:43
4

What you're looking for is called Mandatory Access Control, or MAC. Android enables it by default and it is tightly integrated into the userland APIs, but the technologies that lie at the base of the MAC in Android (i.e., SELinux) are part of the default Linux kernel. Additionally, there exists another framework for MAC called AppArmor, which Android does not use but which has similar features.

Configuring SELinux or AppArmor is not for the faint of heart. However, many distributions ship with default SELinux and/or AppArmor policies that you can use. For instance, Ubuntu ships with AppArmor enabled by default, and RHEL/CentOS ship with a few SELinux rule sets that you can choose from, with the least restrictive one of the set being enabled by default. Debian, too, has an SELinux rule set that it ships with, but it is not enabled by default, and it is not as well tested with SELinux enabled.

Most of the distributions that ship with MAC enabled don't have a very restrictive set of rules; after all, if it gets in the way too much, people will just disable it, and then you don't reap the benefits. However, it's certainly possible to enable a more restrictive set of rules -- it just means you may need to debug things a bit more, as most applications on the Linux desktop are not tested with MAC enabled.

One feature of some SELinux rule sets is the "SELinux sandbox". If you use that, applications that run inside it will have very few permissions. This can be useful to test an application without risk of it misbehaving and eating your files. For more information on that, you can read https://www.linux.com/learn/run-applications-secure-sandboxes-selinux.
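
An Android-style permission list written as an AppArmor profile, added here as an illustration and not part of the original question or answers. The program path `/usr/local/bin/fm-radio` and its config directory are hypothetical; the included abstractions are the ones shipped with the standard AppArmor packages.

```apparmor
# Constructed example: profile for a hypothetical program /usr/local/bin/fm-radio.
# Anything not listed here is denied when the profile is in enforce mode.
#include <tunables/global>

/usr/local/bin/fm-radio {
  # Minimal set of libraries, locale data, etc. that almost every program needs
  #include <abstractions/base>

  # The binary itself: map into memory and read
  /usr/local/bin/fm-radio mr,

  # "Network permission": TCP and UDP over IPv4 and IPv6
  network inet stream,
  network inet dgram,
  network inet6 stream,
  network inet6 dgram,

  # "Audio permission": sound devices and sound server sockets
  #include <abstractions/audio>

  # "No camera permission": video devices are already denied by default,
  # but an explicit deny overrides any allow pulled in by an abstraction
  # and keeps the denials out of the audit log
  deny /dev/video* rw,

  # "Storage permission" limited to the program's own config directory,
  # and only for files owned by the user running it
  owner @{HOME}/.config/fm-radio/ rw,
  owner @{HOME}/.config/fm-radio/** rwk,
}
```

A profile like this is loaded with `apparmor_parser -r` as root. Unlike Android, nothing prompts the user: the list is written by the administrator or packager and enforced by the kernel.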