diff --git a/interfaces/kits/js/BUILD.gn b/interfaces/kits/js/BUILD.gn
index 8b4b5914d370b082410495c9c74cf5457ed27e20..f693c3f9c4230773489b522b95f6135083b4be9d 100644
--- a/interfaces/kits/js/BUILD.gn
+++ b/interfaces/kits/js/BUILD.gn
@@ -207,7 +207,10 @@ ohos_shared_library("environment") {
 
   deps = [ "//foundation/arkui/napi:ace_napi" ]
 
-  external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
+  external_deps = [
+    "access_token:libtokenid_sdk",
+    "hiviewdfx_hilog_native:libhilog",
+  ]
 }
 
 ohos_shared_library("securitylabel") {
diff --git a/interfaces/kits/js/src/common/uni_error.h b/interfaces/kits/js/src/common/uni_error.h
index b9d2b7a303dff27f623747fef517cbc47a2d07b2..85a4184f4eea05927d934c46f4e5f814cf42cf0a 100644
--- a/interfaces/kits/js/src/common/uni_error.h
+++ b/interfaces/kits/js/src/common/uni_error.h
@@ -39,6 +39,14 @@ enum ErrCodeSystem {
     ERR_CODE_SYSTEM_POSIX,
 };
 
+enum CommonErrCode {
+    E_PERMISSION = 201,
+    E_PERMISSION_SYS = 202,
+    E_PARAMS = 401,
+    E_DEVICENOTSUPPORT = 801,
+    E_OSNOTSUPPORT = 901
+};
+
 enum ErrCodeSuffix {
     E_PERM = 1,
     E_NOENT,
@@ -126,7 +134,12 @@ const std::unordered_map<int, std::pair<int32_t, std::string>> errCodeTable {
     { EBADFD, { FILEIO_SYS_CAP_TAG + E_BADFD, "File descriptor in bad state" } },
     { ERESTART, { FILEIO_SYS_CAP_TAG + E_RESTART, "Interrupted system call should be restarted" } },
     { EDQUOT, { FILEIO_SYS_CAP_TAG + E_DQUOT, "Quota exceeded" } },
-    { -1, { FILEIO_SYS_CAP_TAG + E_UKERR, "Unknown error" } }
+    { -1, { FILEIO_SYS_CAP_TAG + E_UKERR, "Unknown error" } },
+    { E_PERMISSION, { E_PERMISSION, "Permission verification failed" } },
+    { E_PERMISSION_SYS, { E_PERMISSION, "The caller is not a system application" } },
+    { E_PARAMS, { E_PERMISSION, "The input parameter is invalid" } },
+    { E_DEVICENOTSUPPORT, { E_PERMISSION, "The device doesn't support this api" } },
+    { E_OSNOTSUPPORT, { E_PERMISSION, "The os doesn't support this api" } },
 };
 
 class UniError {
diff --git a/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp b/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp
index 780bdc2bc80e5fcc3c985fca78076eebb6357652..470e0a76c6a834e0831d57f0cd71f19bb5bc5247 100644
--- a/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp
+++ b/interfaces/kits/js/src/mod_environment/environment_n_exporter.cpp
@@ -23,6 +23,8 @@
 #include "../common/napi/n_func_arg.h"
 #include "../common/napi/n_val.h"
 #include "../common/uni_error.h"
+#include "ipc_skeleton.h"
+#include "tokenid_kit.h"
 
 namespace OHOS {
 namespace DistributedFS {
@@ -30,8 +32,19 @@ namespace ModuleEnvironment {
 namespace {
     const std::string STORAGE_DATA_PATH = "/data";
 }
+
+bool IsSystemApp()
+{
+    uint64_t fullTokenId = OHOS::IPCSkeleton::GetCallingFullTokenID();
+    return Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(fullTokenId);
+}
+
 napi_value GetStorageDataDir(napi_env env, napi_callback_info info)
 {
+    if (IsSystemApp()) {
+        UniError(E_PERMISSION_SYS).ThrowErr(env);
+        return nullptr;
+    }
     NFuncArg funcArg(env, info);
     if (!funcArg.InitArgs(NARG_CNT::ZERO, NARG_CNT::ONE)) {
         UniError(EINVAL).ThrowErr(env, "Number of arguments unmatched");