diff --git a/services/distributeddataservice/service/object/BUILD.gn b/services/distributeddataservice/service/object/BUILD.gn
index e76a7510e2f782d5228323c0442f9315207bf6fc..661ba42709af71e2589d6876e18b7fdac913bf52 100644
--- a/services/distributeddataservice/service/object/BUILD.gn
+++ b/services/distributeddataservice/service/object/BUILD.gn
@@ -20,6 +20,7 @@ config("object_public_config") {
     "${data_service_path}/service/common",
     "${data_service_path}/adapter/include/communicator",
     "${data_service_path}/adapter/include/utils",
+    "${data_service_path}/service/permission/include",
   ]
 }
 
diff --git a/services/distributeddataservice/service/object/include/object_service_impl.h b/services/distributeddataservice/service/object/include/object_service_impl.h
index e398edface1861cb6e1ff32a6e57eb41293fba57..1cba5895262d09f2123db3b5d9fc0f2d3d727bce 100644
--- a/services/distributeddataservice/service/object/include/object_service_impl.h
+++ b/services/distributeddataservice/service/object/include/object_service_impl.h
@@ -70,6 +70,7 @@ private:
     void RegisterHandler();
     int32_t SaveMetaData(StoreMetaData& saveMeta, const std::string &user, const std::string &account);
     void UpdateMetaData();
+    int32_t PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId);
 
     static Factory factory_;
     std::shared_ptr<ExecutorPool> executors_;
diff --git a/services/distributeddataservice/service/object/src/object_manager.cpp b/services/distributeddataservice/service/object/src/object_manager.cpp
index 51635cf04016c7d369f3f105499797f29c7460c2..859de7085d019a26f19bc35140329b36d32a3760 100644
--- a/services/distributeddataservice/service/object/src/object_manager.cpp
+++ b/services/distributeddataservice/service/object/src/object_manager.cpp
@@ -317,6 +317,7 @@ int32_t ObjectStoreManager::Clear()
         return STORE_NOT_OPEN;
     }
     result = RevokeSaveToStore("");
+    callbacks_.Clear();
     Close();
     return result;
 }
diff --git a/services/distributeddataservice/service/object/src/object_service_impl.cpp b/services/distributeddataservice/service/object/src/object_service_impl.cpp
index 71f6195e7a2c4182f769693e996f633a94bc5875..f87fca6f87ab6cbf3c74b8d05f42a5fba5b644bb 100644
--- a/services/distributeddataservice/service/object/src/object_service_impl.cpp
+++ b/services/distributeddataservice/service/object/src/object_service_impl.cpp
@@ -33,6 +33,7 @@
 #include "metadata/store_meta_data.h"
 #include "object_asset_loader.h"
 #include "object_dms_handler.h"
+#include "permission_validator.h"
 #include "snapshot/bind_event.h"
 #include "store/auto_cache.h"
 #include "utils/anonymous.h"
@@ -60,6 +61,23 @@ ObjectServiceImpl::Factory::~Factory()
 {
 }
 
+int32_t ObjectServiceImpl::PermissionCheck(const std::string &bundleName, const std::string &sessionId, uint32_t &tokenId)
+{
+    bool isContinue = false;
+    int32_t status = IsContinue(isContinue);
+    if (status != OBJECT_SUCCESS) {
+        ZLOGE("object continue failed %{public}d", status);
+        return status;
+    }
+    // check permission
+    if (!isContinue && !DistributedKv::PermissionValidator::GetInstance().CheckSyncPermission(tokenId)) {
+        ZLOGE("object permission denied, isContinue:%{public}d, bundleName:%{public}s, sessionId:%{public}s,"
+            " tokenId:%{public}d", isContinue, bundleName.c_str(), sessionId.c_str(), tokenId);
+        return OBJECT_PERMISSION_DENIED;
+    }
+    return OBJECT_SUCCESS;
+}
+
 int32_t ObjectServiceImpl::ObjectStoreSave(const std::string &bundleName, const std::string &sessionId,
     const std::string &deviceId, const std::map<std::string, std::vector<uint8_t>> &data,
     sptr<IRemoteObject> callback)
@@ -72,6 +90,11 @@ int32_t ObjectServiceImpl::ObjectStoreSave(const std::string &bundleName, const
     if (status != OBJECT_SUCCESS) {
         return status;
     }
+    status = PermissionCheck(bundleName, sessionId, tokenId);
+    if (status != OBJECT_SUCCESS) {
+        ZLOGE("Save permission check fail %{public}d", status);
+        return status;
+    }
     status = ObjectStoreManager::GetInstance()->Save(bundleName, sessionId, data, deviceId, callback);
     if (status != OBJECT_SUCCESS) {
         ZLOGE("save fail %{public}d", status);
@@ -208,6 +231,11 @@ int32_t ObjectServiceImpl::ObjectStoreRevokeSave(
     if (status != OBJECT_SUCCESS) {
         return status;
     }
+    status = PermissionCheck(bundleName, sessionId, tokenId);
+    if (status != OBJECT_SUCCESS) {
+        ZLOGE("Save permission check fail %{public}d", status);
+        return status;
+    }
     status = ObjectStoreManager::GetInstance()->RevokeSave(bundleName, sessionId, callback);
     if (status != OBJECT_SUCCESS) {
         ZLOGE("revoke save fail %{public}d", status);
@@ -225,6 +253,11 @@ int32_t ObjectServiceImpl::ObjectStoreRetrieve(
     if (status != OBJECT_SUCCESS) {
         return status;
     }
+    status = PermissionCheck(bundleName, sessionId, tokenId);
+    if (status != OBJECT_SUCCESS) {
+        ZLOGE("Save permission check fail %{public}d", status);
+        return status;
+    }
     status = ObjectStoreManager::GetInstance()->Retrieve(bundleName, sessionId, callback, tokenId);
     if (status != OBJECT_SUCCESS) {
         ZLOGE("retrieve fail %{public}d", status);
@@ -279,8 +312,7 @@ int32_t ObjectServiceImpl::IsBundleNameEqualTokenId(
     storeInfo.tokenId = tokenId;
     storeInfo.bundleName = bundleName;
     storeInfo.storeId = sessionId;
-    std::string appId = DistributedData::CheckerManager::GetInstance().GetAppId(storeInfo);
-    if (appId.empty()) {
+    if (!DistributedData::CheckerManager::GetInstance().IsValid(storeInfo)) {
         ZLOGE("object bundleName wrong, bundleName = %{public}s, uid = %{public}d, tokenId = %{public}s",
               bundleName.c_str(), storeInfo.uid, Anonymous::Change(std::to_string(storeInfo.tokenId)).c_str());
         return OBJECT_PERMISSION_DENIED;
diff --git a/services/distributeddataservice/service/udmf/store/runtime_store.cpp b/services/distributeddataservice/service/udmf/store/runtime_store.cpp
index fa6f511e98b815d45800cf80844c12ecfaf13649..9174b1b23fb499814d897256884f2e57507e3400 100644
--- a/services/distributeddataservice/service/udmf/store/runtime_store.cpp
+++ b/services/distributeddataservice/service/udmf/store/runtime_store.cpp
@@ -447,7 +447,7 @@ bool RuntimeStore::BuildMetaDataParam(DistributedData::StoreMetaData &metaData)
         return false;
     }
 
-    uint32_t token = IPCSkeleton::GetSelfTokenID();
+    uint32_t token = IPCSkeleton::GetCallingFullTokenID();
     const std::string userId = std::to_string(DistributedData::AccountDelegate::GetInstance()->GetUserByToken(token));
     metaData.appType = "harmony";
     metaData.deviceId = localDeviceId;
@@ -463,8 +463,9 @@ bool RuntimeStore::BuildMetaDataParam(DistributedData::StoreMetaData &metaData)
     metaData.securityLevel = DistributedKv::SecurityLevel::S1;
     metaData.area = DistributedKv::Area::EL1;
     metaData.uid = static_cast<int32_t>(getuid());
-    metaData.storeType = DistributedKv::KvStoreType::SINGLE_VERSION;
+    metaData.storeType = DistributedData::StoreMetaData::StoreType::STORE_UDMF_BEGIN;
     metaData.dataType = DistributedKv::DataType::TYPE_DYNAMICAL;
+    metaData.authType = DistributedKv::AuthType::IDENTICAL_ACCOUNT;
     metaData.dataDir = DistributedData::DirectoryManager::GetInstance().GetStorePath(metaData);
 
     return true;
@@ -497,9 +498,13 @@ bool RuntimeStore::SaveMetaData()
     if (DistributedData::MetaDataManager::GetInstance().LoadMeta(saveMeta.GetKey(), loadLocal, true) &&
         DistributedData::MetaDataManager::GetInstance().LoadMeta(saveMeta.GetKey(), syncMeta, false)) {
         ZLOGD("Meta data is already saved.");
-        return true;
+        // 判断是否需要更新
+        if (loadLocal == saveMeta && syncMeta == saveMeta) {
+            return true;
+        }
     }
-
+    // 需重新更新meta
+    ZLOGI("SaveMeta, saveMeta.key:%{public}s", saveMeta.GetKey().c_str());
     auto saved = DistributedData::MetaDataManager::GetInstance().SaveMeta(saveMeta.GetKey(), saveMeta) &&
                  DistributedData::MetaDataManager::GetInstance().SaveMeta(saveMeta.GetKey(), saveMeta, true);
     if (!saved) {
@@ -562,5 +567,13 @@ Status RuntimeStore::DeleteEntries(const std::vector<Key> &keys)
     return E_OK;
 }
 
+Status RuntimeStore::DeleteStore()
+{
+    // delete store: 1.先看是不是老meta，是的话，删除老meta，再删除store
+    delegateManager_->DeleteKvStore(storeId_);
+    // delete meta
+    return E_OK;
+}
+
 } // namespace UDMF
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/distributeddataservice/service/udmf/store/runtime_store.h b/services/distributeddataservice/service/udmf/store/runtime_store.h
index eb83a3503cefebf22a1a7ce15f9f801508ff7228..0d8781f1d453ca701a4e923c870a4878d5642e05 100644
--- a/services/distributeddataservice/service/udmf/store/runtime_store.h
+++ b/services/distributeddataservice/service/udmf/store/runtime_store.h
@@ -43,6 +43,7 @@ public:
     Status DeleteLocal(const std::string &key) override;
     Status PutRuntime(const std::string &key, const Runtime &runtime) override;
     Status GetRuntime(const std::string &key, Runtime &runtime) override;
+    Status DeleteStore();
     void Close() override;
     bool Init() override;