Android already uses a sandbox mechanism where the applications can use only the permissions that are strictly necessary to perform the operations for which they were designed, and only inside the protected environment.
Indeed, Android apps during the installation, will ask for permissions to access some of the device resources (the call list, the address book, the GPS module or the 3G connectivity and Wi-Fi, and so on)
But honestly I don't think there are sandboxing/virtualization apps (like Sandboxie or Shade for example) for non custom Android ROM, or at least I have not found them, about custom ROM no idea.