How to access profile permissions via API

Actually, the PermissionSet SObject has a field in it called IsOwnedByProfile. Take a look at this blog post by Adam Torman, http://blogs.developerforce.com/engineering/2012/06/using-soql-to-determine-your-users-permissions-2.html:

This field determines whether a permission set is a custom one or if it is parented by a profile. This is made possible because for every profile, there is one underlying permission set. That way, permissions layer equally across permission sets without having to treat a profile differently.

So, if you want to find the CRUD permissions of a profile you can do something like this:

SELECT Id, SObjectType, PermissionsRead, PermissionsCreate
FROM ObjectPermissions
WHERE parentid in (select id from permissionset where
PermissionSet.Profile.Name = 'System Administrator')

Doing this is pretty much possible both in Apex and Visualforce code. The platform gives rich describe information and shorthands which check the current user's CRUD or FLS permissions.

Here are few code snippets

To know if few fields are accessible

<apex:outputText value="{!accountBillingAddress}" rendered="{!AND($ObjectType.Account.fields.BillingCity.Accessible, $ObjectType.Account.fields.BillingState.Accessible)}"/> 

To check the same in Apex code

     if (Schema.sObjectType.Account.fields.BillingCity.isAccessible()
          &&
        Schema.sObjectType.Account.fields.BillingState.isAccessible()  
        ){ }

Similarly individual objects can be checked as well, for ex:

<apex:relatedList list="Contacts" rendered="{!$ObjectType.Case.accessible}"/>

This guide has lot of rich details about secure coding guidelines for further reading: http://wiki.developerforce.com/page/Secure_Coding_Guideline

Source : VF Dev guide (http://www.salesforce.com/us/developer/docs/pages/Content/pages_controller_std_checking_accessibility.htm) and Developer force WIKI