diff --git a/interfaces/inner_api/file_access/include/file_access_helper.h b/interfaces/inner_api/file_access/include/file_access_helper.h
index 01902b62d847dced8df933a2c8faf400ffdbc4bc..bb03fd1999bf20faed75b3a9214914f4255b53a0 100644
--- a/interfaces/inner_api/file_access/include/file_access_helper.h
+++ b/interfaces/inner_api/file_access/include/file_access_helper.h
@@ -109,6 +109,7 @@ private:
     int CopyOperation(Uri &sourceUri, Uri &destUri, std::vector<Result> &copyResult, bool force = false);
     int CopyFileOperation(Uri &sourceUri, Uri &destUri, const std::string &fileName, Uri &newFileUri);
     int IsDirectory(Uri &uri, bool &isDir);
+    static bool CheckCallingPermission(const std::string &permission);
 
     sptr<IRemoteObject> token_ = nullptr;
     std::unordered_map<std::string, std::shared_ptr<ConnectInfo>> cMap_;
diff --git a/interfaces/inner_api/file_access/src/file_access_helper.cpp b/interfaces/inner_api/file_access/src/file_access_helper.cpp
index b65cc040ce9cc2ff904f74575fbbf3a205ffa183..a00e873df4500bbf791a49ef9fd81b7e1c0d9b52 100644
--- a/interfaces/inner_api/file_access/src/file_access_helper.cpp
+++ b/interfaces/inner_api/file_access/src/file_access_helper.cpp
@@ -17,6 +17,7 @@
 
 
 #include <nlohmann/json.hpp>
+#include "accesstoken_kit.h"
 #include "bundle_constants.h"
 #include "bundle_mgr_proxy.h"
 #include "file_access_framework_errno.h"
@@ -46,6 +47,9 @@ sptr<IFileAccessExtBase> g_destExtProxy;
 
 std::vector<Uri> deviceUris(DEVICE_ROOTS.begin(), DEVICE_ROOTS.end());
 
+const std::string FILE_ACCESS_PERMISSION = "ohos.permission.FILE_ACCESS_MANAGER";
+const std::string BUNDLE_INFO_PERMISSION = "ohos.permission.GET_BUNDLE_INFO_PRIVILEGED";
+
 static int GetUserId()
 {
     int uid = IPCSkeleton::GetCallingUid();
@@ -935,6 +939,11 @@ int FileAccessHelper::GetRegisteredFileAccessExtAbilityInfo(std::vector<AAFwk::W
         return E_PERMISSION_SYS;
     }
 
+    if (!CheckCallingPermission(FILE_ACCESS_PERMISSION) || !CheckCallingPermission(BUNDLE_INFO_PERMISSION)) {
+        HILOG_ERROR("permission error");
+        return E_PERMISSION;
+    }
+
     std::vector<AppExecFwk::ExtensionAbilityInfo> extensionInfos;
     sptr<AppExecFwk::IBundleMgr> bm = FileAccessHelper::GetBundleMgrProxy();
     if (bm == nullptr) {
@@ -1187,5 +1196,19 @@ int FileAccessHelper::MoveFile(Uri &sourceFile, Uri &targetParent, std::string &
 
     return ERR_OK;
 }
+
+bool FileAccessHelper::CheckCallingPermission(const std::string &permission)
+{
+    UserAccessTracer trace;
+    trace.Start("CheckCallingPermission");
+    Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+    int res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
+    if (res != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
+        HILOG_ERROR("FileAccessExtStub::CheckCallingPermission have no fileAccess permission");
+        return false;
+    }
+
+    return true;
+}
 } // namespace FileAccessFwk
 } // namespace OHOS
\ No newline at end of file