diff --git a/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp b/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp
index e80494529835500383a130b0bf96ce87289e7d1f..d4caa3cee5cc6dd64b05fe84ac068d06e335277b 100644
--- a/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp
+++ b/services/distributedhardwarefwkservice/src/distributed_hardware_stub.cpp
@@ -283,6 +283,7 @@ int32_t OHOS::DistributedHardware::DistributedHardwareStub::HandleNotifySourceRe
     MessageParcel &reply)
 {
     DHLOGI("HandleNotifySourceRemoteSinkStarted Start.");
+    Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetDCallingTokenID();
     std::string udid = data.ReadString();
     if (!IsIdLengthValid(udid)) {
         DHLOGE("the udid: %{public}s is invalid.", GetAnonyString(udid).c_str());
@@ -294,6 +295,13 @@ int32_t OHOS::DistributedHardware::DistributedHardwareStub::HandleNotifySourceRe
         DHLOGE("the networkId: %{public}s is invalid, not a trusted device.", GetAnonyString(networkId).c_str());
         return ERR_DH_FWK_PARA_INVALID;
     }
+    uint32_t dAccessToken = Security::AccessToken::AccessTokenKit::AllocLocalTokenID(networkId, callerToken);
+    const std::string permissionName = "ohos.permission.ACCESS_DISTRIBUTED_HARDWARE";
+    int32_t result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(dAccessToken, permissionName);
+    if (result != Security::AccessToken::PERMISSION_GRANTED) {
+        DHLOGE("The caller has no ACCESS_DISTRIBUTED_HARDWARE permission.");
+        return ERR_DH_FWK_ACCESS_PERMISSION_CHECK_FAIL;
+    }
 
     int32_t ret = NotifySourceRemoteSinkStarted(udid);
     if (!reply.WriteInt32(ret)) {