diff --git a/frameworks/accesstoken/BUILD.gn b/frameworks/accesstoken/BUILD.gn
index 3471db521a3fba1945752e34c4bd152bd158beaa..0b7eff140d07a4b2317e8e9ea90194e3e554671d 100644
--- a/frameworks/accesstoken/BUILD.gn
+++ b/frameworks/accesstoken/BUILD.gn
@@ -38,6 +38,7 @@ ohos_shared_library("accesstoken_communication_adapter_cxx") {
     "src/hap_policy_parcel.cpp",
     "src/hap_token_info_for_sync_parcel.cpp",
     "src/hap_token_info_parcel.cpp",
+    "src/native_token_info_for_sync_parcel.cpp",
     "src/native_token_info_parcel.cpp",
     "src/permission_def_parcel.cpp",
     "src/permission_list_state_parcel.cpp",
diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h
index b9c78cbeac08374ebad7ef7351328ed911bc4274..46312f8d17a6daa96ffb84df853d9db8e323d494 100644
--- a/frameworks/accesstoken/include/i_accesstoken_manager.h
+++ b/frameworks/accesstoken/include/i_accesstoken_manager.h
@@ -25,6 +25,7 @@
 #include "hap_token_info_for_sync_parcel.h"
 #include "hap_token_info_parcel.h"
 #include "iremote_broker.h"
+#include "native_token_info_for_sync_parcel.h"
 #include "native_token_info_parcel.h"
 #include "permission_def_parcel.h"
 #include "permission_list_state_parcel.h"
@@ -65,11 +66,11 @@ public:
 #ifdef TOKEN_SYNC_ENABLE
     virtual int GetHapTokenInfoFromRemote(AccessTokenID tokenID,
         HapTokenInfoForSyncParcel& hapSyncParcel) = 0;
-    virtual int GetAllNativeTokenInfo(std::vector<NativeTokenInfoParcel>& nativeTokenInfoRes)  = 0;
+    virtual int GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoRes)  = 0;
     virtual int SetRemoteHapTokenInfo(const std::string& deviceID,
         HapTokenInfoForSyncParcel& hapSyncParcel) = 0;
     virtual int SetRemoteNativeTokenInfo(const std::string& deviceID,
-        std::vector<NativeTokenInfoParcel>& nativeTokenInfoParcel)  = 0;
+        std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel)  = 0;
     virtual int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) = 0;
     virtual AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) = 0;
     virtual int DeleteRemoteDeviceTokens(const std::string& deviceID)  = 0;
diff --git a/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h b/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h
new file mode 100644
index 0000000000000000000000000000000000000000..a4b6b397cf9d2f4c83d8291ae38f71b7829ad79d
--- /dev/null
+++ b/frameworks/accesstoken/include/native_token_info_for_sync_parcel.h
@@ -0,0 +1,40 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H
+#define NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H
+
+#include "native_token_info.h"
+#include "parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+struct NativeTokenInfoForSyncParcel final : public Parcelable {
+    NativeTokenInfoForSyncParcel() = default;
+
+    ~NativeTokenInfoForSyncParcel() override = default;
+
+    bool Marshalling(Parcel &out) const override;
+
+    static NativeTokenInfoForSyncParcel *Unmarshalling(Parcel &in);
+
+    NativeTokenInfoForSync nativeTokenInfoForSyncParams;
+};
+}  // namespace AccessToken
+}  // namespace Security
+}  // namespace OHOS
+#endif  // NATIVE_TOKEN_INFO_FOR_SYNC_PARCEL_H
+
diff --git a/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..655f7b12e8eba21d66009d8854fec966304f1f02
--- /dev/null
+++ b/frameworks/accesstoken/src/native_token_info_for_sync_parcel.cpp
@@ -0,0 +1,75 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "native_token_info_for_sync_parcel.h"
+#include "native_token_info_parcel.h"
+#include "permission_state_full_parcel.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+#define RETURN_IF_FALSE(expr) \
+    if (!(expr)) { \
+        return false; \
+    }
+
+#define RELEASE_IF_FALSE(expr, obj) \
+    if (!(expr)) { \
+        delete (obj); \
+        (obj) = nullptr; \
+        return (obj); \
+    }
+
+bool NativeTokenInfoForSyncParcel::Marshalling(Parcel& out) const
+{
+    NativeTokenInfoParcel baseInfoParcel;
+    baseInfoParcel.nativeTokenInfoParams = this->nativeTokenInfoForSyncParams.baseInfo;
+    out.WriteParcelable(&baseInfoParcel);
+
+    const std::vector<PermissionStateFull>& permStateList = this->nativeTokenInfoForSyncParams.permStateList;
+    int32_t permStateListSize = static_cast<int32_t>(permStateList.size());
+    RETURN_IF_FALSE(out.WriteInt32(permStateListSize));
+
+    for (int i = 0; i < permStateListSize; i++) {
+        PermissionStateFullParcel permStateParcel;
+        permStateParcel.permStatFull = permStateList[i];
+        out.WriteParcelable(&permStateParcel);
+    }
+
+    return true;
+}
+
+NativeTokenInfoForSyncParcel* NativeTokenInfoForSyncParcel::Unmarshalling(Parcel& in)
+{
+    auto* nativeTokenInfoForSyncParcel = new (std::nothrow) NativeTokenInfoForSyncParcel();
+    RELEASE_IF_FALSE(nativeTokenInfoForSyncParcel != nullptr, nativeTokenInfoForSyncParcel);
+
+    sptr<NativeTokenInfoParcel> baseInfoParcel = in.ReadParcelable<NativeTokenInfoParcel>();
+    RELEASE_IF_FALSE(baseInfoParcel != nullptr, nativeTokenInfoForSyncParcel);
+    nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.baseInfo = baseInfoParcel->nativeTokenInfoParams;
+
+    int permStateListSize;
+    RELEASE_IF_FALSE(in.ReadInt32(permStateListSize), nativeTokenInfoForSyncParcel);
+    for (int i = 0; i < permStateListSize; i++) {
+        sptr<PermissionStateFullParcel> permissionStateParcel = in.ReadParcelable<PermissionStateFullParcel>();
+        RELEASE_IF_FALSE(permissionStateParcel != nullptr, nativeTokenInfoForSyncParcel);
+        nativeTokenInfoForSyncParcel->nativeTokenInfoForSyncParams.permStateList.emplace_back(
+            permissionStateParcel->permStatFull);
+    }
+    return nativeTokenInfoForSyncParcel;
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
index 0c9740761b20df5dac28eff2e6f3c57e9d2daacc..4ee095db065c8d1b77936ced8368ce784136838c 100644
--- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
+++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
@@ -59,10 +59,10 @@ public:
 
 #ifdef TOKEN_SYNC_ENABLE
     static int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
-    static int GetAllNativeTokenInfo(std::vector<NativeTokenInfo>& nativeTokenInfosRes);
+    static int GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes);
     static int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync);
     static int SetRemoteNativeTokenInfo(const std::string& deviceID,
-        std::vector<NativeTokenInfo>& nativeTokenInfoList);
+        std::vector<NativeTokenInfoForSync>& nativeTokenInfoList);
     static int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
     static AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID);
     static int DeleteRemoteDeviceTokens(const std::string& deviceID);
diff --git a/interfaces/innerkits/accesstoken/include/native_token_info.h b/interfaces/innerkits/accesstoken/include/native_token_info.h
index d02ef226bc3fa7b9a42122b147dd127e2bb42604..6044318807a62bb8a025e1cc71e13bd78f2e1cd2 100644
--- a/interfaces/innerkits/accesstoken/include/native_token_info.h
+++ b/interfaces/innerkits/accesstoken/include/native_token_info.h
@@ -19,6 +19,7 @@
 #include "access_token.h"
 #include <string>
 #include <vector>
+#include "permission_state_full.h"
 
 namespace OHOS {
 namespace Security {
@@ -32,6 +33,12 @@ public:
     AccessTokenID tokenID;
     AccessTokenAttr tokenAttr;
 };
+
+class NativeTokenInfoForSync final {
+public:
+    NativeTokenInfo baseInfo;
+    std::vector<PermissionStateFull> permStateList;
+};
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
index 9a16bc7bbdce47941b0b33cdd1cb773702b41521..ef7621ad902a37c0d7e944d4db4b6878e83f5ea9 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
@@ -314,7 +314,7 @@ int AccessTokenKit::GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInf
     return AccessTokenManagerClient::GetInstance().GetHapTokenInfoFromRemote(tokenID, hapSync);
 }
 
-int AccessTokenKit::GetAllNativeTokenInfo(std::vector<NativeTokenInfo>& nativeTokenInfosRes)
+int AccessTokenKit::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes)
 {
     ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
 
@@ -330,7 +330,7 @@ int AccessTokenKit::SetRemoteHapTokenInfo(const std::string& deviceID,
 }
 
 int AccessTokenKit::SetRemoteNativeTokenInfo(const std::string& deviceID,
-    std::vector<NativeTokenInfo>& nativeTokenInfoList)
+    std::vector<NativeTokenInfoForSync>& nativeTokenInfoList)
 {
     ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID=%{public}s", __func__, deviceID.c_str());
     return AccessTokenManagerClient::GetInstance()
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
index d8f78ff1c8c9a9f83fec63b65b7d0f7b17de3f30..855fe52ab15f09fdc46aedf262c267c57263fe54 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
@@ -20,6 +20,7 @@
 #include "hap_token_info.h"
 #include "hap_token_info_for_sync_parcel.h"
 #include "iservice_registry.h"
+#include "native_token_info_for_sync_parcel.h"
 #include "native_token_info.h"
 
 namespace OHOS {
@@ -326,7 +327,7 @@ int AccessTokenManagerClient::GetHapTokenInfoFromRemote(AccessTokenID tokenID, H
     return res;
 }
 
-int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector<NativeTokenInfo>& nativeTokenInfosRes)
+int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes)
 {
     ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
     auto proxy = GetProxy();
@@ -335,10 +336,10 @@ int AccessTokenManagerClient::GetAllNativeTokenInfo(std::vector<NativeTokenInfo>
         return RET_FAILED;
     }
 
-    std::vector<NativeTokenInfoParcel> parcelList;
+    std::vector<NativeTokenInfoForSyncParcel> parcelList;
     int result = proxy->GetAllNativeTokenInfo(parcelList);
     for (auto nativeTokenParcel : parcelList) {
-        NativeTokenInfo native = nativeTokenParcel.nativeTokenInfoParams;
+        NativeTokenInfoForSync native = nativeTokenParcel.nativeTokenInfoForSyncParams;
         nativeTokenInfosRes.emplace_back(native);
     }
 
@@ -362,7 +363,7 @@ int AccessTokenManagerClient::SetRemoteHapTokenInfo(const std::string& deviceID,
 }
 
 int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& deviceID,
-    std::vector<NativeTokenInfo>& nativeTokenInfoList)
+    std::vector<NativeTokenInfoForSync>& nativeTokenInfoList)
 {
     ACCESSTOKEN_LOG_DEBUG(LABEL, "%{public}s: called!", __func__);
     auto proxy = GetProxy();
@@ -370,14 +371,14 @@ int AccessTokenManagerClient::SetRemoteNativeTokenInfo(const std::string& device
         ACCESSTOKEN_LOG_ERROR(LABEL, "proxy is null");
         return RET_FAILED;
     }
-    std::vector<NativeTokenInfoParcel> hapTokenInfoParcels;
+    std::vector<NativeTokenInfoForSyncParcel> nativeTokenInfoParcels;
     for (auto native : nativeTokenInfoList) {
-        NativeTokenInfoParcel nativeTokenInfoParcel;
-        nativeTokenInfoParcel.nativeTokenInfoParams = native;
-        hapTokenInfoParcels.emplace_back(nativeTokenInfoParcel);
+        NativeTokenInfoForSyncParcel nativeTokenInfoForSyncParcel;
+        nativeTokenInfoForSyncParcel.nativeTokenInfoForSyncParams = native;
+        nativeTokenInfoParcels.emplace_back(nativeTokenInfoForSyncParcel);
     }
     PermissionStateFullParcel permStateParcel;
-    int res = proxy->SetRemoteNativeTokenInfo(deviceID, hapTokenInfoParcels);
+    int res = proxy->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcels);
     return res;
 }
 
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
index e55311aeb3e49bad7959aeabb531f39e43b96d97..82e867de4d1b231a9675520fc0cefbde06a5b805 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
@@ -63,10 +63,10 @@ public:
 
 #ifdef TOKEN_SYNC_ENABLE
     int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
-    int GetAllNativeTokenInfo(std::vector<NativeTokenInfo>& nativeTokenInfosRes);
+    int GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes);
     int SetRemoteHapTokenInfo(const std::string& deviceID, const HapTokenInfoForSync& hapSync);
     int SetRemoteNativeTokenInfo(const std::string& deviceID,
-        std::vector<NativeTokenInfo>& nativeTokenInfoList);
+        std::vector<NativeTokenInfoForSync>& nativeTokenInfoList);
     int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
     AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID);
     int DeleteRemoteDeviceTokens(const std::string& deviceID);
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
index 5ef80f692ce5e213ff942e0cc77ad7bd64de4290..8e891aef2c4c225334e3a638142165083a15d5b6 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
@@ -735,7 +735,7 @@ int AccessTokenManagerProxy::GetHapTokenInfoFromRemote(AccessTokenID tokenID,
     return result;
 }
 
-int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector<NativeTokenInfoParcel>& nativeTokenInfoRes)
+int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoRes)
 {
     MessageParcel data;
     data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
@@ -761,7 +761,7 @@ int AccessTokenManagerProxy::GetAllNativeTokenInfo(std::vector<NativeTokenInfoPa
         return RET_FAILED;
     }
     for (int i = 0; i < size; i++) {
-        sptr<NativeTokenInfoParcel> nativeResult = reply.ReadParcelable<NativeTokenInfoParcel>();
+        sptr<NativeTokenInfoForSyncParcel> nativeResult = reply.ReadParcelable<NativeTokenInfoForSyncParcel>();
         if (nativeResult != nullptr) {
             nativeTokenInfoRes.emplace_back(*nativeResult);
         }
@@ -804,17 +804,17 @@ int AccessTokenManagerProxy::SetRemoteHapTokenInfo(const std::string& deviceID,
 }
 
 int AccessTokenManagerProxy::SetRemoteNativeTokenInfo(const std::string& deviceID,
-    std::vector<NativeTokenInfoParcel>& nativeTokenInfoParcel)
+    std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel)
 {
     MessageParcel data;
     data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
     if (!data.WriteString(deviceID)) {
         return RET_FAILED;
     }
-    if (!data.WriteUint32(nativeTokenInfoParcel.size())) {
+    if (!data.WriteUint32(nativeTokenInfoForSyncParcel.size())) {
         return RET_FAILED;
     }
-    for (NativeTokenInfoParcel& parcel : nativeTokenInfoParcel) {
+    for (NativeTokenInfoForSyncParcel& parcel : nativeTokenInfoForSyncParcel) {
         if (!data.WriteParcelable(&parcel)) {
             return RET_FAILED;
         }
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
index 5e549ade6a422f37f9c5bf8a94e72c6fb846ea1e..9bfbf432f5c2b9ab28e31ab01d65f4dbbae29a84 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
@@ -26,6 +26,7 @@
 #include "hap_token_info_for_sync_parcel.h"
 #include "i_accesstoken_manager.h"
 #include "iremote_proxy.h"
+#include "native_token_info_for_sync_parcel.h"
 #include "native_token_info_parcel.h"
 #include "permission_def_parcel.h"
 #include "permission_list_state_parcel.h"
@@ -63,10 +64,10 @@ public:
 
 #ifdef TOKEN_SYNC_ENABLE
     int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override;
-    int GetAllNativeTokenInfo(std::vector<NativeTokenInfoParcel>& nativeTokenInfoRes) override;
+    int GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoRes) override;
     int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override;
     int SetRemoteNativeTokenInfo(const std::string& deviceID,
-        std::vector<NativeTokenInfoParcel>& nativeTokenInfoParcel) override;
+        std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel) override;
     int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override;
     AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override;
     int DeleteRemoteDeviceTokens(const std::string& deviceID) override;
diff --git a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
index 7758db9863c3236827ec97a775f3677008a87713..c90034be90e929c56c5c10e4aa0e695af13626a2 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
+++ b/interfaces/innerkits/accesstoken/test/unittest/src/accesstoken_kit_test.cpp
@@ -2131,7 +2131,15 @@ HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag001, TestSize.Level1)
  */
 HWTEST_F(AccessTokenKitTest, GetTokenTypeFlag002, TestSize.Level1)
 {
-    uint64_t tokenId01 = GetAccessTokenId("GetTokenTypeFlag002", nullptr, 0, "system_core");
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .permsNum = 0,
+        .dcaps = nullptr,
+        .perms = nullptr,
+        .processName = "GetTokenTypeFlag002",
+        .aplStr = "system_core",
+    };
+    uint64_t tokenId01 = GetAccessTokenId(&infoInstance);
 
     AccessTokenID tokenID = tokenId01 & 0xffffffff;
     ATokenTypeEnum ret = AccessTokenKit::GetTokenTypeFlag(tokenID);
@@ -3208,7 +3216,7 @@ HWTEST_F(AccessTokenKitTest, GetAllNativeTokenInfo001, TestSize.Level1)
 {
     ACCESSTOKEN_LOG_INFO(LABEL, "GetAllNativeTokenInfo001 start.");
 
-    std::vector<NativeTokenInfo> nativeTokenInfosRes;
+    std::vector<NativeTokenInfoForSync> nativeTokenInfosRes;
     int ret = AccessTokenKit::GetAllNativeTokenInfo(nativeTokenInfosRes);
     ASSERT_EQ(ret, RET_SUCCESS);
 }
@@ -3224,16 +3232,16 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1)
     ACCESSTOKEN_LOG_INFO(LABEL, "SetRemoteNativeTokenInfo001 start.");
     std::string deviceID = "ea82205d1f9964346ee12e17ec0f362bb7203fca7c62d82899ffa917f9cbe6b2";
 
-    NativeTokenInfo native1 = {
-        .apl = APL_NORMAL,
-        .ver = 1,
-        .processName = "native_test1",
-        .dcap = {"SYSDCAP", "DMSDCAP"},
-        .tokenID = 0x28000000,
-        .tokenAttr = 0
+    NativeTokenInfoForSync native1 = {
+        .baseInfo.apl = APL_NORMAL,
+        .baseInfo.ver = 1,
+        .baseInfo.processName = "native_test1",
+        .baseInfo.dcap = {"SYSDCAP", "DMSDCAP"},
+        .baseInfo.tokenID = 0x28000000,
+        .baseInfo.tokenAttr = 0
     };
 
-    std::vector<NativeTokenInfo> nativeTokenInfoList;
+    std::vector<NativeTokenInfoForSync> nativeTokenInfoList;
     nativeTokenInfoList.emplace_back(native1);
 
     int ret = AccessTokenKit::SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoList);
@@ -3246,13 +3254,13 @@ HWTEST_F(AccessTokenKitTest, SetRemoteNativeTokenInfo001, TestSize.Level1)
     ret = AccessTokenKit::GetNativeTokenInfo(mapID, resultInfo);
     ASSERT_EQ(ret, RET_SUCCESS);
 
-    ASSERT_EQ(resultInfo.apl, native1.apl);
-    ASSERT_EQ(resultInfo.ver, native1.ver);
-    ASSERT_EQ(resultInfo.processName, native1.processName);
+    ASSERT_EQ(resultInfo.apl, native1.baseInfo.apl);
+    ASSERT_EQ(resultInfo.ver, native1.baseInfo.ver);
+    ASSERT_EQ(resultInfo.processName, native1.baseInfo.processName);
     ASSERT_EQ(resultInfo.dcap.size(), 2);
     ASSERT_EQ(resultInfo.dcap[0], "SYSDCAP");
     ASSERT_EQ(resultInfo.dcap[1], "DMSDCAP");
     ASSERT_EQ(resultInfo.tokenID, mapID);
-    ASSERT_EQ(resultInfo.tokenAttr, native1.tokenAttr);
+    ASSERT_EQ(resultInfo.tokenAttr, native1.baseInfo.tokenAttr);
 }
 #endif
diff --git a/interfaces/innerkits/nativetoken/include/nativetoken.h b/interfaces/innerkits/nativetoken/include/nativetoken.h
index d256589538076de295231ed900d9fa5403b88064..c353476f97fd60733f5521b17d3f3b24c5bbe372 100644
--- a/interfaces/innerkits/nativetoken/include/nativetoken.h
+++ b/interfaces/innerkits/nativetoken/include/nativetoken.h
@@ -41,6 +41,8 @@ extern "C" {
 #define MAX_JSON_FILE_LEN 102400
 #define MAX_DCAPS_NUM 32
 #define MAX_DCAP_LEN 1024
+#define MAX_PERM_NUM 64
+#define MAX_PERM_LEN 256
 #define MAX_PARAMTER_LEN 128
 #define SYSTEM_PROP_NATIVE_RECEPTOR "rw.nativetoken.receptor.startup"
 #define PATH_MAX_LEN 4096
@@ -51,6 +53,7 @@ extern "C" {
 #define ATRET_SUCCESS 0
 
 #define DCAPS_KEY_NAME  "dcaps"
+#define PERMS_KEY_NAME  "permissions"
 #define TOKENID_KEY_NAME "tokenId"
 #define TOKEN_ATTR_KEY_NAME "tokenAttr"
 #define APL_KEY_NAME "APL"
@@ -81,11 +84,19 @@ typedef struct TokenList {
     NativeAtId tokenId;
     int32_t apl;
     char *dcaps[MAX_DCAPS_NUM];
+    char *perms[MAX_PERM_NUM];
     int dcapsNum;
+    int permsNum;
     char processName[MAX_PROCESS_NAME_LEN + 1];
     struct TokenList *next;
 } NativeTokenList;
 
+typedef struct StrArrayAttribute {
+    int32_t maxStrNum;
+    uint32_t maxStrLen;
+    const char *strKey;
+} StrArrayAttr;
+
 extern int32_t GetFileBuff(const char *cfg, char **retBuff);
 #ifdef __cplusplus
 }
diff --git a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h
index 8975df42a4a57cf9808d10613f2e16ba7839c175..85f14596698abfde7981b6c7af5ec9c427bcc4e9 100644
--- a/interfaces/innerkits/nativetoken/include/nativetoken_kit.h
+++ b/interfaces/innerkits/nativetoken/include/nativetoken_kit.h
@@ -25,7 +25,16 @@
 extern "C" {
 #endif
 
-extern uint64_t GetAccessTokenId(const char *processname, const char **dcap, int32_t dacpNum, const char *aplStr);
+typedef struct TokenInfoParams {
+    int dcapsNum;
+    int permsNum;
+    const char **dcaps;
+    const char **perms;
+    const char *processName;
+    const char *aplStr;
+} NativeTokenInfoParams;
+
+extern uint64_t GetAccessTokenId(NativeTokenInfoParams *nativeProcInfo);
 
 #ifdef __cplusplus
 }
diff --git a/interfaces/innerkits/nativetoken/src/nativetoken.c b/interfaces/innerkits/nativetoken/src/nativetoken.c
index cbe4743bf54762ddb4d8b5ff8742c38a9bbcbae3..cc8e9610d485d30ff88099103a493951c16bf9c1 100644
--- a/interfaces/innerkits/nativetoken/src/nativetoken.c
+++ b/interfaces/innerkits/nativetoken/src/nativetoken.c
@@ -76,17 +76,17 @@ int32_t GetFileBuff(const char *cfg, char **retBuff)
     return ATRET_SUCCESS;
 }
 
-static void FreeDcaps(char *dcaps[MAX_DCAPS_NUM], int32_t num)
+static void FreeStrArray(char **arr, int32_t num)
 {
     for (int32_t i = 0; i <= num; i++) {
-        if (dcaps[i] != NULL) {
-            free(dcaps[i]);
-            dcaps[i] = NULL;
+        if (arr[i] != NULL) {
+            free(arr[i]);
+            arr[i] = NULL;
         }
     }
 }
 
-static uint32_t GetprocessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
+static uint32_t GetProcessNameFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
 {
     cJSON *processNameJson = cJSON_GetObjectItem(cjsonItem, PROCESS_KEY_NAME);
     if (!cJSON_IsString(processNameJson) || (strlen(processNameJson->valuestring) > MAX_PROCESS_NAME_LEN)) {
@@ -135,35 +135,35 @@ static uint32_t GetAplFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
     return ATRET_SUCCESS;
 }
 
-static uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNode)
+static uint32_t GetInfoArrFromJson(cJSON *cjsonItem, char *strArr[], int *strNum, StrArrayAttr *attr)
 {
-    cJSON *dcapsJson = cJSON_GetObjectItem(cjsonItem, DCAPS_KEY_NAME);
-    int32_t dcapSize = cJSON_GetArraySize(dcapsJson);
-
-    tokenNode->dcapsNum = dcapSize;
-    if (dcapSize > MAX_DCAPS_NUM) {
-        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapSize = %d is invalid.", __func__, dcapSize);
+    cJSON *strArrJson = cJSON_GetObjectItem(cjsonItem, attr->strKey);
+    int32_t size = cJSON_GetArraySize(strArrJson);
+    if (size > attr->maxStrNum) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:size = %d is invalid.", __func__, size);
         return ATRET_FAILED;
     }
-    for (int32_t i = 0; i < dcapSize; i++) {
-        cJSON *dcapItem = cJSON_GetArrayItem(dcapsJson, i);
-        if (dcapItem == NULL || !cJSON_IsString(dcapItem) || dcapItem->valuestring == NULL) {
+    *strNum = size;
+
+    for (int32_t i = 0; i < size; i++) {
+        cJSON *item = cJSON_GetArrayItem(strArrJson, i);
+        if ((item == NULL) || (!cJSON_IsString(item)) || (item->valuestring == NULL)) {
             ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__);
             return ATRET_FAILED;
         }
-        size_t length = strlen(dcapItem->valuestring);
-        if (length > MAX_DCAP_LEN) {
-            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcapItem is invalid.", __func__);
+        size_t length = strlen(item->valuestring);
+        if (length > attr->maxStrLen) {
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:item length %zu is invalid.", __func__, length);
             return ATRET_FAILED;
         }
-        tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (length + 1));
-        if (tokenNode->dcaps[i] == NULL) {
-            FreeDcaps(tokenNode->dcaps, i - 1);
+        strArr[i] = (char *)malloc(sizeof(char) * (length + 1));
+        if (strArr[i] == NULL) {
+            FreeStrArray(strArr, i - 1);
             ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:malloc invalid.", __func__);
             return ATRET_FAILED;
         }
-        if (strcpy_s(tokenNode->dcaps[i], length + 1, dcapItem->valuestring) != EOK) {
-            FreeDcaps(tokenNode->dcaps, i);
+        if (strcpy_s(strArr[i], length + 1, item->valuestring) != EOK) {
+            FreeStrArray(strArr, i);
             ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__);
             return ATRET_FAILED;
         }
@@ -173,17 +173,17 @@ static uint32_t GetDcapsInfoFromJson(cJSON *cjsonItem, NativeTokenList *tokenNod
 
 static int32_t GetTokenList(const cJSON *object)
 {
-    int32_t arraySize;
-    int32_t i;
     uint32_t ret;
     NativeTokenList *tmp = NULL;
+    StrArrayAttr attr;
 
     if (object == NULL) {
         ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:object is null.", __func__);
         return ATRET_FAILED;
     }
-    arraySize = cJSON_GetArraySize(object);
-    for (i = 0; i < arraySize; i++) {
+    int32_t arraySize = cJSON_GetArraySize(object);
+
+    for (int32_t i = 0; i < arraySize; i++) {
         tmp = (NativeTokenList *)malloc(sizeof(NativeTokenList));
         if (tmp == NULL) {
             ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:memory alloc failed.", __func__);
@@ -195,12 +195,28 @@ static int32_t GetTokenList(const cJSON *object)
             ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_GetArrayItem failed.", __func__);
             return ATRET_FAILED;
         }
-        ret = GetprocessNameFromJson(cjsonItem, tmp);
+        ret = GetProcessNameFromJson(cjsonItem, tmp);
         ret |= GetTokenIdFromJson(cjsonItem, tmp);
         ret |= GetAplFromJson(cjsonItem, tmp);
-        ret |= GetDcapsInfoFromJson(cjsonItem, tmp);
+
+        attr.maxStrLen = MAX_DCAP_LEN;
+        attr.maxStrNum = MAX_DCAPS_NUM;
+        attr.strKey = DCAPS_KEY_NAME;
+        ret |= GetInfoArrFromJson(cjsonItem, tmp->dcaps, &(tmp->dcapsNum), &attr);
+        if (ret != ATRET_SUCCESS) {
+            free(tmp);
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for dcaps.", __func__);
+            return ATRET_FAILED;
+        }
+
+        attr.maxStrLen = MAX_PERM_LEN;
+        attr.maxStrNum = MAX_PERM_NUM;
+        attr.strKey = PERMS_KEY_NAME;
+        ret = GetInfoArrFromJson(cjsonItem, tmp->perms, &(tmp->permsNum), &attr);
         if (ret != ATRET_SUCCESS) {
             free(tmp);
+            FreeStrArray(tmp->dcaps, tmp->dcapsNum - 1);
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:GetInfoArrFromJson failed for perms.", __func__);
             return ATRET_FAILED;
         }
 
@@ -395,24 +411,25 @@ static void WriteToFile(const cJSON *root)
     return;
 }
 
-static int32_t AddDcapsArray(cJSON *object, const NativeTokenList *curr)
+static int32_t AddStrArrayInfo(cJSON *object, char * const strArray[], int strNum, const char *strKey)
 {
-    cJSON *dcapsArr = cJSON_CreateArray();
-    if (dcapsArr == NULL) {
+    cJSON *strJsonArr = cJSON_CreateArray();
+    if (strJsonArr == NULL) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateArray failed, strKey :%s.", __func__, strKey);
         return ATRET_FAILED;
     }
-    for (int32_t i = 0; i < curr->dcapsNum; i++) {
-        cJSON *item =  cJSON_CreateString(curr->dcaps[i]);
-        if (item == NULL || !cJSON_AddItemToArray(dcapsArr, item)) {
-            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:tokenAttr cJSON_AddItemToArray failed.", __func__);
+    for (int32_t i = 0; i < strNum; i++) {
+        cJSON *item =  cJSON_CreateString(strArray[i]);
+        if (item == NULL || !cJSON_AddItemToArray(strJsonArr, item)) {
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToArray failed, strKey : %s.", __func__, strKey);
             cJSON_Delete(item);
-            cJSON_Delete(dcapsArr);
+            cJSON_Delete(strJsonArr);
             return ATRET_FAILED;
         }
     }
-    if (!cJSON_AddItemToObject(object, DCAPS_KEY_NAME, dcapsArr)) {
-        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps cJSON_AddItemToObject failed.", __func__);
-        cJSON_Delete(dcapsArr);
+    if (!cJSON_AddItemToObject(object, strKey, strJsonArr)) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:AddItemToObject failed, strKey : %s.", __func__, strKey);
+        cJSON_Delete(strJsonArr);
         return ATRET_FAILED;
     }
     return ATRET_SUCCESS;
@@ -465,7 +482,13 @@ static cJSON *CreateNativeTokenJsonObject(const NativeTokenList *curr)
         cJSON_Delete(object);
         return NULL;
     }
-    int ret = AddDcapsArray(object, curr);
+
+    int ret = AddStrArrayInfo(object, curr->dcaps, curr->dcapsNum, DCAPS_KEY_NAME);
+    if (ret != ATRET_SUCCESS) {
+        cJSON_Delete(object);
+    }
+
+    ret = AddStrArrayInfo(object, curr->perms, curr->permsNum, PERMS_KEY_NAME);
     if (ret != ATRET_SUCCESS) {
         cJSON_Delete(object);
     }
@@ -498,7 +521,6 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr)
 
     cJSON *node = CreateNativeTokenJsonObject(curr);
     if (node == NULL) {
-        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:CreateNativeTokenJsonObject failed.", __func__);
         cJSON_Delete(record);
         return;
     }
@@ -509,27 +531,41 @@ static void SaveTokenIdToCfg(const NativeTokenList *curr)
     return;
 }
 
-static uint32_t CheckProcessInfo(const char *processname, const char **dcaps,
-                                 int32_t dcapNum, const char *aplStr, int32_t *aplRet)
+static uint32_t CheckStrArray(const char **strArray, int32_t strNum, int maxNum, uint32_t maxInfoLen)
 {
-    if ((processname == NULL) || strlen(processname) > MAX_PROCESS_NAME_LEN ||
-        strlen(processname) == 0) {
-        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processname is invalid.", __func__);
+    if (((strArray == NULL) && (strNum != 0)) ||
+        (strNum > maxNum) || (strNum < 0)) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray is null or strNum is invalid.", __func__);
         return ATRET_FAILED;
     }
+    for (int32_t i = 0; i < strNum; i++) {
+        if ((strArray[i] == NULL) || (strlen(strArray[i]) > maxInfoLen) || (strlen(strArray[i]) == 0)) {
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strArray[%d] length is invalid.", __func__, i);
+            return ATRET_FAILED;
+        }
+    }
+    return ATRET_SUCCESS;
+}
 
-    if (((dcaps == NULL) && (dcapNum != 0)) || dcapNum > MAX_DCAPS_NUM || dcapNum < 0) {
-        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is null or dcapNum is invalid.", __func__);
+static uint32_t CheckProcessInfo(NativeTokenInfoParams *tokenInfo, int32_t *aplRet)
+{
+    if ((tokenInfo->processName == NULL) || strlen(tokenInfo->processName) > MAX_PROCESS_NAME_LEN ||
+        strlen(tokenInfo->processName) == 0) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:processName is invalid.", __func__);
         return ATRET_FAILED;
     }
-    for (int32_t i = 0; i < dcapNum; i++) {
-        if ((dcaps[i] == NULL) || (strlen(dcaps[i]) > MAX_DCAP_LEN)) {
-            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcap length is invalid.", __func__);
-            return ATRET_FAILED;
-        }
+    int retDcap = CheckStrArray(tokenInfo->dcaps, tokenInfo->dcapsNum, MAX_DCAPS_NUM, MAX_DCAP_LEN);
+    if (retDcap != ATRET_SUCCESS) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps is invalid.", __func__);
+        return ATRET_FAILED;
+    }
+    int retPerm = CheckStrArray(tokenInfo->perms, tokenInfo->permsNum, MAX_PERM_NUM, MAX_PERM_LEN);
+    if (retPerm != ATRET_SUCCESS) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms is invalid.", __func__);
+        return ATRET_FAILED;
     }
 
-    int32_t apl = GetAplLevel(aplStr);
+    int32_t apl = GetAplLevel(tokenInfo->aplStr);
     if (apl == 0) {
         return ATRET_FAILED;
     }
@@ -537,8 +573,21 @@ static uint32_t CheckProcessInfo(const char *processname, const char **dcaps,
     return ATRET_SUCCESS;
 }
 
-static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char **dcapsIn,
-                                            int32_t dcapNumIn, int32_t aplIn, NativeAtId *tokenId)
+static uint32_t CreateStrArray(int num, const char **strArr, char **strArrRes)
+{
+    for (int32_t i = 0; i < num; i++) {
+        strArrRes[i] = (char *)malloc(sizeof(char) * (strlen(strArr[i]) + 1));
+        if (strArrRes[i] == NULL ||
+            (strcpy_s(strArrRes[i], strlen(strArr[i]) + 1, strArr[i]) != EOK)) {
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i);
+            FreeStrArray(strArrRes, i);
+            return ATRET_FAILED;
+        }
+    }
+    return ATRET_SUCCESS;
+}
+
+static uint32_t AddNewTokenToListAndFile(NativeTokenInfoParams *tokenInfo, int32_t aplIn, NativeAtId *tokenId)
 {
     NativeTokenList *tokenNode;
     NativeAtId id;
@@ -555,23 +604,24 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char
     }
     tokenNode->tokenId = id;
     tokenNode->apl = aplIn;
-    if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, processname) != EOK) {
+    if (strcpy_s(tokenNode->processName, MAX_PROCESS_NAME_LEN + 1, tokenInfo->processName) != EOK) {
         ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:strcpy_s failed.", __func__);
         free(tokenNode);
         return ATRET_FAILED;
     }
-    tokenNode->dcapsNum = dcapNumIn;
+    tokenNode->dcapsNum = tokenInfo->dcapsNum;
+    tokenNode->permsNum = tokenInfo->permsNum;
 
-    for (int32_t i = 0; i < dcapNumIn; i++) {
-        tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * (strlen(dcapsIn[i]) + 1));
-        if (tokenNode->dcaps[i] == NULL ||
-            (strcpy_s(tokenNode->dcaps[i], strlen(dcapsIn[i]) + 1, dcapsIn[i]) != EOK)) {
-            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i);
-            FreeDcaps(tokenNode->dcaps, i);
-            free(tokenNode);
-            return ATRET_FAILED;
-        }
+    if (CreateStrArray(tokenInfo->dcapsNum, tokenInfo->dcaps, tokenNode->dcaps) != ATRET_SUCCESS) {
+        free(tokenNode);
+        return ATRET_FAILED;
+    }
+    if (CreateStrArray(tokenInfo->permsNum, tokenInfo->perms, tokenNode->perms) != ATRET_SUCCESS) {
+        FreeStrArray(tokenNode->dcaps, tokenInfo->dcapsNum - 1);
+        free(tokenNode);
+        return ATRET_FAILED;
     }
+
     tokenNode->next = g_tokenListHead->next;
     g_tokenListHead->next = tokenNode;
 
@@ -581,7 +631,7 @@ static uint32_t AddNewTokenToListAndCfgFile(const char *processname, const char
     return ATRET_SUCCESS;
 }
 
-static int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn)
+static int32_t CompareTokenInfo(NativeTokenList *tokenNode, const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn)
 {
     if (tokenNode->apl != aplIn) {
         return 1;
@@ -597,61 +647,116 @@ static int32_t CompareProcessInfo(NativeTokenList *tokenNode, const char **dcaps
     return 0;
 }
 
-static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode,
-    const char **dcapsIn, int32_t dcapNumIn, int32_t aplIn)
+static int32_t ComparePermsInfo(NativeTokenList *tokenNode, const char **permsIn, int32_t permsNumIn)
 {
-    tokenNode->apl = aplIn;
-
-    for (int32_t i = 0; i < tokenNode->dcapsNum; i++) {
-        free(tokenNode->dcaps[i]);
-        tokenNode->dcaps[i] = NULL;
+    if (tokenNode->permsNum != permsNumIn) {
+        return 1;
+    }
+    for (int32_t i = 0; i < permsNumIn; i++) {
+        if (strcmp(tokenNode->perms[i], permsIn[i]) != 0) {
+            return 1;
+        }
     }
+    return 0;
+}
 
-    tokenNode->dcapsNum = dcapNumIn;
-    for (int32_t i = 0; i < dcapNumIn; i++) {
-        int32_t len = strlen(dcapsIn[i]) + 1;
-        tokenNode->dcaps[i] = (char *)malloc(sizeof(char) * len);
-        if (tokenNode->dcaps[i] == NULL || (strcpy_s(tokenNode->dcaps[i], len, dcapsIn[i]) != EOK)) {
-            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy dcapsIn[%d] failed.", __func__, i);
-            FreeDcaps(tokenNode->dcaps, i);
+static uint32_t UpdateStrArrayInList(char *strArr[], int *strNum,
+    const char **strArrNew, int strNumNew)
+{
+    for (int32_t i = 0; i < *strNum; i++) {
+        free(strArr[i]);
+        strArr[i] = NULL;
+    }
+
+    *strNum = strNumNew;
+    for (int32_t i = 0; i < strNumNew; i++) {
+        int32_t len = strlen(strArrNew[i]) + 1;
+        strArr[i] = (char *)malloc(sizeof(char) * len);
+        if (strArr[i] == NULL || (strcpy_s(strArr[i], len, strArrNew[i]) != EOK)) {
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:copy strArr[%d] failed.", __func__, i);
+            FreeStrArray(strArr, i);
             return ATRET_FAILED;
         }
     }
     return ATRET_SUCCESS;
 }
 
-static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record)
+static uint32_t UpdateTokenInfoInList(NativeTokenList *tokenNode, NativeTokenInfoParams *tokenInfo)
 {
-    cJSON *itemApl =  cJSON_CreateNumber(tokenNode->apl);
-    if (itemApl == NULL) {
-        return ATRET_FAILED;
+    tokenNode->apl = GetAplLevel(tokenInfo->aplStr);
+
+    uint32_t ret = UpdateStrArrayInList(tokenNode->dcaps, &(tokenNode->dcapsNum),
+        tokenInfo->dcaps, tokenInfo->dcapsNum);
+    if (ret != ATRET_SUCCESS) {
+        return ret;
     }
-    if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) {
-        cJSON_Delete(itemApl);
-        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__);
-        return ATRET_FAILED;
+    ret = UpdateStrArrayInList(tokenNode->perms, &(tokenNode->permsNum),
+        tokenInfo->perms, tokenInfo->permsNum);
+    if (ret != ATRET_SUCCESS) {
+        FreeStrArray(tokenNode->dcaps, tokenNode->dcapsNum);
     }
+    return ret;
+}
 
-    cJSON *dcapsArr = cJSON_CreateArray();
-    if (dcapsArr == NULL) {
+static uint32_t UpdateStrArrayType(char * const strArr[], int strNum, const char *strKey, cJSON *record)
+{
+    cJSON *strArrJson = cJSON_CreateArray();
+    if (strArrJson == NULL) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateArray failed.", __func__);
         return ATRET_FAILED;
     }
-    for (int32_t i = 0; i < tokenNode->dcapsNum; i++) {
-        cJSON *item =  cJSON_CreateString(tokenNode->dcaps[i]);
+    for (int32_t i = 0; i < strNum; i++) {
+        cJSON *item =  cJSON_CreateString(strArr[i]);
         if (item == NULL) {
             ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_CreateString failed.", __func__);
-            cJSON_Delete(dcapsArr);
+            cJSON_Delete(strArrJson);
             return ATRET_FAILED;
         }
-        if (!cJSON_AddItemToArray(dcapsArr, item)) {
+        if (!cJSON_AddItemToArray(strArrJson, item)) {
             ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToArray failed.", __func__);
             cJSON_Delete(item);
+            cJSON_Delete(strArrJson);
             return ATRET_FAILED;
         }
     }
-    if (!cJSON_ReplaceItemInObject(record, DCAPS_KEY_NAME, dcapsArr)) {
+    if (cJSON_GetObjectItem(record, strKey) != NULL) {
+        if (!cJSON_ReplaceItemInObject(record, strKey, strArrJson)) {
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_ReplaceItemInObject failed.", __func__);
+            cJSON_Delete(strArrJson);
+            return ATRET_FAILED;
+        }
+    } else {
+        if (!cJSON_AddItemToObject(record, strKey, strArrJson)) {
+            ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:cJSON_AddItemToObject failed.", __func__);
+            cJSON_Delete(strArrJson);
+            return ATRET_FAILED;
+        }
+    }
+
+    return ATRET_SUCCESS;
+}
+
+static uint32_t UpdateItemcontent(const NativeTokenList *tokenNode, cJSON *record)
+{
+    cJSON *itemApl =  cJSON_CreateNumber(tokenNode->apl);
+    if (itemApl == NULL) {
+        return ATRET_FAILED;
+    }
+    if (!cJSON_ReplaceItemInObject(record, APL_KEY_NAME, itemApl)) {
+        cJSON_Delete(itemApl);
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:APL update failed.", __func__);
+        return ATRET_FAILED;
+    }
+
+    uint32_t ret = UpdateStrArrayType(tokenNode->dcaps, tokenNode->dcapsNum, DCAPS_KEY_NAME, record);
+    if (ret != ATRET_SUCCESS) {
         ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:dcaps update failed.", __func__);
-        cJSON_Delete(dcapsArr);
+        return ATRET_FAILED;
+    }
+
+    ret = UpdateStrArrayType(tokenNode->perms, tokenNode->permsNum, PERMS_KEY_NAME, record);
+    if (ret != ATRET_SUCCESS) {
+        ACCESSTOKEN_LOG_ERROR("[ATLIB-%s]:perms update failed.", __func__);
         return ATRET_FAILED;
     }
     return ATRET_SUCCESS;
@@ -679,7 +784,7 @@ static uint32_t UpdateGoalItemFromRecord(const NativeTokenList *tokenNode, cJSON
     return ATRET_FAILED;
 }
 
-static uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode)
+static uint32_t UpdateInfoInCfgFile(NativeTokenList *tokenNode)
 {
     cJSON *record = NULL;
     char *fileBuff = NULL;
@@ -714,7 +819,7 @@ static uint32_t UpdateTokenInfoInCfgFile(NativeTokenList *tokenNode)
     return ATRET_SUCCESS;
 }
 
-uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t dcapNum, const char *aplStr)
+uint64_t GetAccessTokenId(NativeTokenInfoParams *tokenInfo)
 {
     NativeAtId tokenId = 0;
     uint64_t result = 0;
@@ -725,14 +830,14 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d
         return INVALID_TOKEN_ID;
     }
 
-    uint32_t ret = CheckProcessInfo(processname, dcaps, dcapNum, aplStr, &apl);
+    uint32_t ret = CheckProcessInfo(tokenInfo, &apl);
     if (ret != ATRET_SUCCESS) {
         return INVALID_TOKEN_ID;
     }
 
     NativeTokenList *tokenNode = g_tokenListHead->next;
     while (tokenNode != NULL) {
-        if (strcmp(tokenNode->processName, processname) == 0) {
+        if (strcmp(tokenNode->processName, tokenInfo->processName) == 0) {
             tokenId = tokenNode->tokenId;
             break;
         }
@@ -740,12 +845,13 @@ uint64_t GetAccessTokenId(const char *processname, const char **dcaps, int32_t d
     }
 
     if (tokenNode == NULL) {
-        ret = AddNewTokenToListAndCfgFile(processname, dcaps, dcapNum, apl, &tokenId);
+        ret = AddNewTokenToListAndFile(tokenInfo, apl, &tokenId);
     } else {
-        int32_t needUpdate = CompareProcessInfo(tokenNode, dcaps, dcapNum, apl);
-        if (needUpdate != 0) {
-            ret = UpdateTokenInfoInList(tokenNode, dcaps, dcapNum, apl);
-            ret |= UpdateTokenInfoInCfgFile(tokenNode);
+        int32_t needTokenUpdate = CompareTokenInfo(tokenNode, tokenInfo->dcaps, tokenInfo->dcapsNum, apl);
+        int32_t needPermUpdate = ComparePermsInfo(tokenNode, tokenInfo->perms, tokenInfo->permsNum);
+        if ((needTokenUpdate != 0) || (needPermUpdate != 0)) {
+            ret = UpdateTokenInfoInList(tokenNode, tokenInfo);
+            ret |= UpdateInfoInCfgFile(tokenNode);
         }
     }
     if (ret != ATRET_SUCCESS) {
diff --git a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp
index 44eb5cc82026b8a0cba97c77314b22dae4cea7ad..de2434dcd87db07d6f49d1cc4b599062a71f1e9b 100644
--- a/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp
+++ b/interfaces/innerkits/nativetoken/test/unittest/src/nativetoken_kit_test.cpp
@@ -48,13 +48,22 @@ void TokenLibKitTest::TearDown()
 
 int Start(const char *processName)
 {
-    const char *processname = processName;
     const char **dcaps = new const char *[2];
     dcaps[0] = "AT_CAP";
     dcaps[1] = "ST_CAP";
-    int dcapNum = 2;
     uint64_t tokenId;
-    tokenId = GetAccessTokenId(processname, dcaps, dcapNum, "system_core");
+    const char **perms = new const char *[2];
+    perms[0] = "ohos.permission.test1";
+    perms[1] = "ohos.permission.test2";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 2,
+        .permsNum = 2,
+        .dcaps = dcaps,
+        .perms = perms,
+        .processName = processName,
+        .aplStr = "system_core",
+    };
+    tokenId = GetAccessTokenId(&infoInstance);
     delete[] dcaps;
     return tokenId;
 }
@@ -72,26 +81,42 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId001, TestSize.Level1)
     dcaps[1] = "ST_CAP";
     int dcapNum = 2;
     uint64_t tokenId;
-    tokenId = GetAccessTokenId("", dcaps, dcapNum, "system_core");
+    const char **perms = new const char *[2];
+    perms[0] = "ohos.permission.test1";
+    perms[1] = "ohos.permission.test2";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = dcapNum,
+        .permsNum = 2,
+        .dcaps = dcaps,
+        .perms = perms,
+        .aplStr = "system_core",
+    };
+    infoInstance.processName = "";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
-    tokenId = GetAccessTokenId(nullptr, dcaps, dcapNum, "system_core");
+    infoInstance.processName = nullptr;
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
     /* 257 is invalid processName length */
     const std::string invalidProcName (257, 'x');
-    tokenId = GetAccessTokenId(invalidProcName.c_str(), dcaps, dcapNum, "system_core");
+    infoInstance.processName = invalidProcName.c_str();
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
     /* 255 is valid processName length */
     const std::string validProcName01 (255, 'x');
-    tokenId = GetAccessTokenId(validProcName01.c_str(), dcaps, dcapNum, "system_core");
+    infoInstance.processName = validProcName01.c_str();
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
 
     /* 256 is valid processName length */
     const std::string validProcName02 (256, 'x');
-    tokenId = GetAccessTokenId(validProcName02.c_str(), dcaps, dcapNum, "system_core");
+    infoInstance.processName = validProcName02.c_str();
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
     delete[] dcaps;
+    delete[] perms;
 }
 
 /**
@@ -107,12 +132,22 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1)
     dcaps[1] = "ST_CAP";
     int dcapNum = -1;
     uint64_t tokenId;
-    tokenId = GetAccessTokenId("GetAccessTokenId002", dcaps, dcapNum, "system_core");
+    NativeTokenInfoParams infoInstance = {
+        .permsNum = 0,
+        .dcaps = dcaps,
+        .perms = nullptr,
+        .aplStr = "system_core",
+    };
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.processName = "GetAccessTokenId002";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
     /* 33 is invalid dcapNum */
     dcapNum = 33;
-    tokenId = GetAccessTokenId("GetAccessTokenId002_00", dcaps, dcapNum, "system_core");
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.processName = "GetAccessTokenId002_00";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
     for (int32_t i = 0; i < 32; i++) {
@@ -120,12 +155,16 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId002, TestSize.Level1)
     }
     /* 32 is valid dcapNum */
     dcapNum = 32;
-    tokenId = GetAccessTokenId("GetAccessTokenId002_01", dcaps, dcapNum, "system_core");
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.processName = "GetAccessTokenId002_01";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
 
     /* 31 is valid dcapNum */
     dcapNum = 31;
-    tokenId = GetAccessTokenId("GetAccessTokenId002_02", dcaps, dcapNum, "system_core");
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.processName = "GetAccessTokenId002_02";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
 
     delete[] dcaps;
@@ -144,30 +183,51 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId003, TestSize.Level1)
     dcaps[1] = "ST_CAP";
     int dcapNum = 2;
     uint64_t tokenId;
-    tokenId = GetAccessTokenId("GetAccessTokenId003", nullptr, dcapNum, "system_core");
+    NativeTokenInfoParams infoInstance = {
+        .permsNum = 0,
+        .dcaps = dcaps,
+        .perms = nullptr,
+        .aplStr = "system_core",
+    };
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.dcaps = nullptr;
+    infoInstance.processName = "GetAccessTokenId003";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
     dcapNum = 0;
-    tokenId = GetAccessTokenId("GetAccessTokenId003_01", nullptr, dcapNum, "system_core");
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.dcaps = nullptr;
+    infoInstance.processName = "GetAccessTokenId003_01";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
 
     dcapNum = 2;
     /* 1025 is invalid dcap length */
     const std::string invalidDcap (1025, 'x');
     dcaps[0] = invalidDcap.c_str();
-    tokenId = GetAccessTokenId("GetAccessTokenId003_02", dcaps, dcapNum, "system_core");
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.dcaps = dcaps;
+    infoInstance.processName = "GetAccessTokenId003_02";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
     /* 1024 is valid dcap length */
     const std::string validDcap01 (1024, 'x');
     dcaps[0] = validDcap01.c_str();
-    tokenId = GetAccessTokenId("GetAccessTokenId003_03", dcaps, dcapNum, "system_core");
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.dcaps = dcaps;
+    infoInstance.processName = "GetAccessTokenId003_03";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
 
     /* 1023 is valid dcap length */
     const std::string validDcap02 (1023, 'x');
     dcaps[0] = validDcap02.c_str();
-    tokenId = GetAccessTokenId("GetAccessTokenId003_04", dcaps, dcapNum, "system_core");
+    infoInstance.dcapsNum = dcapNum;
+    infoInstance.dcaps = dcaps;
+    infoInstance.processName = "GetAccessTokenId003_04";
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
 
     delete[] dcaps;
@@ -186,10 +246,20 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId004, TestSize.Level1)
     dcaps[1] = "ST_CAP";
     int dcapNum = 2;
     uint64_t tokenId;
-    tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, nullptr);
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = dcapNum,
+        .permsNum = 0,
+        .dcaps = dcaps,
+        .perms = nullptr,
+        .processName = "GetAccessTokenId003",
+    };
+
+    infoInstance.aplStr = nullptr,
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
-    tokenId = GetAccessTokenId("GetAccessTokenId003", dcaps, dcapNum, "system_invalid");
+    infoInstance.aplStr = "system_invalid",
+    tokenId = GetAccessTokenId(&infoInstance);
     ASSERT_EQ(tokenId, 0);
 
     delete[] dcaps;
@@ -233,11 +303,149 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId006, TestSize.Level1)
 
 /**
  * @tc.name: GetAccessTokenId007
- * @tc.desc: Get a batch of AccessTokenId.
+ * @tc.desc: cannot getAccessTokenId with invalid dcapNum.
  * @tc.type: FUNC
  * @tc.require:AR000GK6TD
  */
 HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1)
+{
+    const char **perms = new const char *[MAX_PERM_NUM];
+    perms[0] = "ohos.permission.test1";
+    perms[1] = "ohos.permission.test2";
+    int permsNum = -1;
+    uint64_t tokenId;
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .dcaps = nullptr,
+        .perms = perms,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.permsNum = permsNum;
+    infoInstance.processName = "GetAccessTokenId007";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_EQ(tokenId, 0);
+
+    permsNum = MAX_PERM_NUM + 1;
+    infoInstance.permsNum = permsNum;
+    infoInstance.processName = "GetAccessTokenId007_00";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_EQ(tokenId, 0);
+
+    for (int32_t i = 0; i < MAX_PERM_NUM; i++) {
+        perms[i] = "ohos.permission.test";
+    }
+
+    permsNum = MAX_PERM_NUM;
+    infoInstance.permsNum = permsNum;
+    infoInstance.processName = "GetAccessTokenId007_01";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_NE(tokenId, 0);
+
+    permsNum = MAX_PERM_NUM - 1;
+    infoInstance.permsNum = permsNum;
+    infoInstance.processName = "GetAccessTokenId007_02";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_NE(tokenId, 0);
+
+    delete[] perms;
+}
+
+/**
+ * @tc.name: GetAccessTokenId008
+ * @tc.desc: Get AccessTokenId with new processName.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1)
+{
+    const char **dcaps = new const char *[2];
+    dcaps[0] = "AT_CAP";
+    dcaps[1] = "ST_CAP";
+    uint64_t tokenId;
+    const char **perms = new const char *[2];
+    perms[0] = "ohos.permission.test1";
+    perms[1] = "ohos.permission.test2";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 2,
+        .permsNum = 2,
+        .dcaps = dcaps,
+        .perms = perms,
+        .processName = "GetAccessTokenId008",
+        .aplStr = "system_core",
+    };
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_NE(tokenId, 0);
+}
+
+/**
+ * @tc.name: GetAccessTokenId009
+ * @tc.desc: cannot getAccessTokenId with invalid perms.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId009, TestSize.Level1)
+{
+    const char **perms = new const char *[2];
+    perms[0] = "AT_CAP";
+    perms[1] = "ST_CAP";
+    int permsNum = 2;
+    uint64_t tokenId;
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = 0,
+        .dcaps = nullptr,
+        .aplStr = "system_core",
+    };
+
+    infoInstance.permsNum = permsNum;
+    infoInstance.perms = nullptr;
+    infoInstance.processName = "GetAccessTokenId009";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_EQ(tokenId, 0);
+
+    permsNum = 0;
+    infoInstance.permsNum = permsNum;
+    infoInstance.perms = nullptr;
+    infoInstance.processName = "GetAccessTokenId009_01";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_NE(tokenId, 0);
+
+    permsNum = 2;
+    /* 1025 is invalid dcap length */
+    const std::string invalidDcap (MAX_PERM_LEN + 1, 'x');
+    perms[0] = invalidDcap.c_str();
+    infoInstance.permsNum = permsNum;
+    infoInstance.perms = perms;
+    infoInstance.processName = "GetAccessTokenId009_02";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_EQ(tokenId, 0);
+
+    const std::string validDcap01 (MAX_PERM_LEN, 'x');
+    perms[0] = validDcap01.c_str();
+    infoInstance.permsNum = permsNum;
+    infoInstance.perms = perms;
+    infoInstance.processName = "GetAccessTokenId009_03";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_NE(tokenId, 0);
+
+    const std::string validDcap02 (MAX_PERM_LEN - 1, 'x');
+    perms[0] = validDcap02.c_str();
+    infoInstance.permsNum = permsNum;
+    infoInstance.perms = perms;
+    infoInstance.processName = "GetAccessTokenId009_04";
+    tokenId = GetAccessTokenId(&infoInstance);
+    ASSERT_NE(tokenId, 0);
+
+    delete[] perms;
+}
+
+/**
+ * @tc.name: GetAccessTokenId010
+ * @tc.desc: Get a batch of AccessTokenId.
+ * @tc.type: FUNC
+ * @tc.require:AR000GK6TD
+ */
+HWTEST_F(TokenLibKitTest, GetAccessTokenId010, TestSize.Level1)
 {
     char processName[200][MAX_PROCESS_NAME_LEN];
     /* enable 200 process before fondation is prepared */
@@ -259,12 +467,12 @@ HWTEST_F(TokenLibKitTest, GetAccessTokenId007, TestSize.Level1)
 }
 
 /**
- * @tc.name: GetAccessTokenId008
+ * @tc.name: GetAccessTokenId011
  * @tc.desc: Get AccessTokenId and check the config file.
  * @tc.type: FUNC
  * @tc.require:AR000GK6TD
  */
-HWTEST_F(TokenLibKitTest, GetAccessTokenId008, TestSize.Level1)
+HWTEST_F(TokenLibKitTest, GetAccessTokenId011, TestSize.Level1)
 {
     Start("process1");
     Start("process2");
diff --git a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp
index 3cd5a9d56002d8cc5dda0025f4395d80f7563286..f11d38bfa4b0497bdf521479553854ecae0408d8 100644
--- a/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp
+++ b/interfaces/innerkits/tokensync/src/token_sync_manager_client.cpp
@@ -17,6 +17,7 @@
 
 #include "accesstoken_log.h"
 #include "hap_token_info_for_sync_parcel.h"
+#include "native_token_info_for_sync_parcel.h"
 #include "iservice_registry.h"
 
 namespace OHOS {
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h
index 76cb640fb5d39a58f43419724c56fba0c7148186..59e31d77702eb7373bca8d794a228a1b3cfe3aeb 100644
--- a/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h
+++ b/services/accesstokenmanager/main/cpp/include/permission/permission_definition_cache.h
@@ -47,6 +47,8 @@ public:
 
     bool HasDefinition(const std::string& permissionName);
 
+    bool IsPermissionDefEmpty();
+
 private:
     PermissionDefinitionCache();
 
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
index 64fa632f5e9262231b1b9cbdc8c049ecb3d1c253..68ad9751d722aae038b9f54819279dda2cc8da5a 100644
--- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
+++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
@@ -38,6 +38,8 @@ public:
 
     void AddDefPermissions(std::shared_ptr<HapTokenInfoInner> tokenInfo, bool updateFlag);
     void RemoveDefPermissions(AccessTokenID tokenID);
+    int VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName);
+    int VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName);
     int VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName);
     int VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName);
     int GetDefPermission(const std::string& permissionName, PermissionDef& permissionDefResult);
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h
index 773153759d1ea2d7c9484153fb2900f5070feaa6..d8ec4cb97530790f5f0234e99ecc28c0834db400 100644
--- a/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h
+++ b/services/accesstokenmanager/main/cpp/include/permission/permission_policy_set.h
@@ -48,6 +48,8 @@ public:
     int QueryPermissionFlag(const std::string& permissionName);
     void UpdatePermissionStatus(const std::string& permissionName, bool isGranted, int flag);
     void ToString(std::string& info);
+    bool IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName);
+    void PermStateToString(int32_t tokenApl, std::string& info);
     void GetPermissionStateList(std::vector<PermissionStateFull>& stateList);
 
 private:
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
index 5ab88b09343ce49aadee6d45875a0dec6d264f52..cdb8501245ab8ee238064e1ab296354b3a060622 100644
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
+++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
@@ -64,10 +64,10 @@ public:
 
 #ifdef TOKEN_SYNC_ENABLE
     int GetHapTokenInfoFromRemote(AccessTokenID tokenID, HapTokenInfoForSyncParcel& hapSyncParcel) override;
-    int GetAllNativeTokenInfo(std::vector<NativeTokenInfoParcel>& nativeTokenInfosRes) override;
+    int GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfosRes) override;
     int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSyncParcel& hapSyncParcel) override;
     int SetRemoteNativeTokenInfo(const std::string& deviceID,
-        std::vector<NativeTokenInfoParcel>& nativeTokenInfoParcel) override;
+        std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel) override;
     int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID) override;
     AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID) override;
     int DeleteRemoteDeviceTokens(const std::string& deviceID) override;
diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h
index aa8fa7d72a113564d0ce71cbe98a2b730c592cdc..0fbd982454f09b9c1ab790392768de50b970fc09 100644
--- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h
+++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h
@@ -41,6 +41,7 @@ public:
     int GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo& InfoParcel);
     std::shared_ptr<NativeTokenInfoInner> GetNativeTokenInfoInner(AccessTokenID id);
     int GetNativeTokenInfo(AccessTokenID tokenID, NativeTokenInfo& InfoParcel);
+    std::shared_ptr<PermissionPolicySet> GetNativePermissionPolicySet(AccessTokenID id);
     std::shared_ptr<PermissionPolicySet> GetHapPermissionPolicySet(AccessTokenID id);
     int RemoveHapTokenInfo(AccessTokenID id);
     int RemoveNativeTokenInfo(AccessTokenID id);
@@ -58,10 +59,10 @@ public:
     int GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoForSync& hapSync);
     int GetHapTokenInfoFromRemote(AccessTokenID tokenID,
         HapTokenInfoForSync& hapSync);
-    void GetAllNativeTokenInfo(std::vector<NativeTokenInfo>& nativeTokenInfosRes);
+    void GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes);
     int SetRemoteHapTokenInfo(const std::string& deviceID, HapTokenInfoForSync& hapSync);
     int SetRemoteNativeTokenInfo(const std::string& deviceID,
-        std::vector<NativeTokenInfo>& nativeTokenInfoList);
+        std::vector<NativeTokenInfoForSync>& nativeTokenInfoList);
     int DeleteRemoteToken(const std::string& deviceID, AccessTokenID tokenID);
     AccessTokenID GetRemoteNativeTokenID(const std::string& deviceID, AccessTokenID tokenID);
     int DeleteRemoteDeviceTokens(const std::string& deviceID);
diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h
index 72f5b2e7cdd505328e2bd6456e6b5ee7d2e97a42..5b95fa62b4b576fe8e87518f0dd748156a32421d 100644
--- a/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h
+++ b/services/accesstokenmanager/main/cpp/include/token/native_token_info_inner.h
@@ -21,6 +21,8 @@
 #include "access_token.h"
 #include "generic_values.h"
 #include "native_token_info.h"
+#include "permission_policy_set.h"
+#include "permission_state_full.h"
 
 namespace OHOS {
 namespace Security {
@@ -31,21 +33,27 @@ static const std::string JSON_VERSION = "version";
 static const std::string JSON_TOKEN_ID = "tokenId";
 static const std::string JSON_TOKEN_ATTR = "tokenAttr";
 static const std::string JSON_DCAPS = "dcaps";
+static const std::string JSON_PERMS = "permissions";
 static const int MAX_DCAPS_NUM = 32;
+static const int MAX_REQ_PERM_NUM = 32;
 
 class NativeTokenInfoInner final {
 public:
     NativeTokenInfoInner();
-    NativeTokenInfoInner(NativeTokenInfo& info);
+    NativeTokenInfoInner(NativeTokenInfo& info,
+        const std::vector<PermissionStateFull> &permStateList);
     virtual ~NativeTokenInfoInner();
 
     int Init(AccessTokenID id, const std::string& processName, int apl,
-        const std::vector<std::string>& dcap);
-    void StoreNativeInfo(std::vector<GenericValues>& valueList) const;
+        const std::vector<std::string>& dcap,
+        const std::vector<PermissionStateFull> &permStateList);
+    void StoreNativeInfo(std::vector<GenericValues>& valueList,
+        std::vector<GenericValues>& permStateValues) const;
     void TranslateToNativeTokenInfo(NativeTokenInfo& InfoParcel) const;
     void SetDcaps(const std::string& dcapStr);
     void ToString(std::string& info) const;
-    int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues);
+    int RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues,
+        const std::vector<GenericValues>& permStateRes);
     void Update(AccessTokenID tokenId, const std::string& processName,
         int apl, const std::vector<std::string>& dcap);
 
@@ -53,6 +61,7 @@ public:
     AccessTokenID GetTokenID() const;
     std::string GetProcessName() const;
     NativeTokenInfo GetNativeTokenInfo() const;
+    std::shared_ptr<PermissionPolicySet> GetNativeInfoPermissionPolicySet() const;
     bool IsRemote() const;
     void SetRemote(bool isRemote);
 
@@ -63,6 +72,7 @@ private:
     // true means sync from remote.
     bool isRemote_;
     NativeTokenInfo tokenInfoBasic_;
+    std::shared_ptr<PermissionPolicySet> permPolicySet_;
 };
 } // namespace AccessToken
 } // namespace Security
diff --git a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h
index 9917e5e57f3058b532ed1bd248441018a6af6dfe..cc72c61ff398cc1a6d20518553eac85f904ca931 100644
--- a/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h
+++ b/services/accesstokenmanager/main/cpp/include/token/native_token_receptor.h
@@ -19,10 +19,13 @@
 #include <memory>
 #include <string>
 
+#include "native_token_info_inner.h"
+
 #include "access_token.h"
 #include "nlohmann/json.hpp"
-#include "native_token_info_inner.h"
 #include "nocopyable.h"
+#include "permission_policy_set.h"
+#include "permission_state_full.h"
 
 namespace OHOS {
 namespace Security {
@@ -45,7 +48,6 @@ private:
     int32_t ParserNativeRawData(const std::string& nativeRawData,
         std::vector<std::shared_ptr<NativeTokenInfoInner>>& tokenInfos);
     void from_json(const nlohmann::json& j, NativeTokenInfo& p);
-
     bool ready_;
 };
 } // namespace AccessToken
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp
index 2f32086145d566e06455b1683ca4ae5e6ff4bbb1..942e280c7035279dbd54aeb77ed06c6afbf45e48 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_definition_cache.cpp
@@ -111,6 +111,12 @@ bool PermissionDefinitionCache::HasDefinition(const std::string& permissionName)
     Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
     return permissionDefinitionMap_.count(permissionName) == 1;
 }
+
+bool PermissionDefinitionCache::IsPermissionDefEmpty()
+{
+    Utils::UniqueReadGuard<Utils::RWLock> cacheGuard(this->cacheLock_);
+    return permissionDefinitionMap_.empty();
+}
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
index b46dac48f17b9b0f0859a76fabdbc9692a3617c2..326a1e1cc3a6541d2d8fb0f3b5794e4c125c4366 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
@@ -15,6 +15,7 @@
 
 #include "permission_manager.h"
 #include "access_token.h"
+#include "accesstoken_id_manager.h"
 #include "accesstoken_info_manager.h"
 #include "accesstoken_log.h"
 #include "permission_definition_cache.h"
@@ -78,25 +79,20 @@ void PermissionManager::AddDefPermissions(std::shared_ptr<HapTokenInfoInner> tok
 
 void PermissionManager::RemoveDefPermissions(AccessTokenID tokenID)
 {
-    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID);
+    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID);
     std::shared_ptr<HapTokenInfoInner> tokenInfo =
         AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID);
     if (tokenInfo == nullptr) {
-        ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params(tokenID: 0x%{public}x)!", tokenID);
+        ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params(tokenID: %{public}u)!", tokenID);
         return;
     }
     std::string bundleName = tokenInfo->GetBundleName();
     PermissionDefinitionCache::GetInstance().DeleteByBundleName(bundleName);
 }
 
-int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
+int PermissionManager::VerifyHapAccessToken(AccessTokenID tokenID, const std::string& permissionName)
 {
-    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__,
-        tokenID, permissionName.c_str());
-    if (!PermissionValidator::IsPermissionNameValid(permissionName)) {
-        ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!");
-        return PERMISSION_DENIED;
-    }
+    ACCESSTOKEN_LOG_INFO(LABEL, "called");
     std::shared_ptr<HapTokenInfoInner> tokenInfoPtr =
         AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID);
     if (tokenInfoPtr == nullptr) {
@@ -119,10 +115,57 @@ int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::strin
     return permPolicySet->VerifyPermissStatus(permissionName);
 }
 
+int PermissionManager::VerifyNativeAccessToken(AccessTokenID tokenID, const std::string& permissionName)
+{
+    std::shared_ptr<NativeTokenInfoInner> tokenInfoPtr =
+        AccessTokenInfoManager::GetInstance().GetNativeTokenInfoInner(tokenID);
+    if (tokenInfoPtr == nullptr) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "can not find tokenInfo!");
+        return PERMISSION_DENIED;
+    }
+    if (PermissionDefinitionCache::GetInstance().IsPermissionDefEmpty()) {
+        ACCESSTOKEN_LOG_INFO(LABEL, "permission definition set has not been installed!");
+        return PERMISSION_GRANTED;
+    }
+    if (!tokenInfoPtr->IsRemote() && !PermissionDefinitionCache::GetInstance().HasDefinition(permissionName)) {
+        ACCESSTOKEN_LOG_ERROR(
+            LABEL, "no definition for permission: %{public}s!", permissionName.c_str());
+        return PERMISSION_DENIED;
+    }
+    std::shared_ptr<PermissionPolicySet> permPolicySet =
+        AccessTokenInfoManager::GetInstance().GetNativePermissionPolicySet(tokenID);
+    if (permPolicySet == nullptr) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!");
+        return PERMISSION_DENIED;
+    }
+
+    return permPolicySet->VerifyPermissStatus(permissionName);
+}
+
+int PermissionManager::VerifyAccessToken(AccessTokenID tokenID, const std::string& permissionName)
+{
+    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__,
+        tokenID, permissionName.c_str());
+    if (!PermissionValidator::IsPermissionNameValid(permissionName)) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!");
+        return PERMISSION_DENIED;
+    }
+
+    ATokenTypeEnum tokenType = AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(tokenID);
+    if (tokenType == TOKEN_NATIVE) {
+        return VerifyNativeAccessToken(tokenID, permissionName);
+    }
+    if (tokenType == TOKEN_HAP) {
+        return VerifyHapAccessToken(tokenID, permissionName);
+    }
+    ACCESSTOKEN_LOG_ERROR(LABEL, "invalid tokenType!");
+    return PERMISSION_DENIED;
+}
+
 int PermissionManager::VerifyNativeToken(AccessTokenID tokenID, const std::string& permissionName)
 {
     ACCESSTOKEN_LOG_INFO(LABEL,
-        "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s", __func__,
+        "%{public}s called, tokenID: %{public}u, permissionName: %{public}s", __func__,
         tokenID, permissionName.c_str());
 
     PermissionDef permissionInfo;
@@ -160,7 +203,7 @@ int PermissionManager::GetDefPermission(const std::string& permissionName, Permi
 
 int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector<PermissionDef>& permList)
 {
-    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID);
+    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID);
     std::shared_ptr<PermissionPolicySet> permPolicySet =
         AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID);
     if (permPolicySet == nullptr) {
@@ -175,7 +218,7 @@ int PermissionManager::GetDefPermissions(AccessTokenID tokenID, std::vector<Perm
 int PermissionManager::GetReqPermissions(
     AccessTokenID tokenID, std::vector<PermissionStateFull>& reqPermList, bool isSystemGrant)
 {
-    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, isSystemGrant: %{public}d",
+    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, isSystemGrant: %{public}d",
         __func__, tokenID, isSystemGrant);
     std::shared_ptr<PermissionPolicySet> permPolicySet =
         AccessTokenInfoManager::GetInstance().GetHapPermissionPolicySet(tokenID);
@@ -244,7 +287,7 @@ void PermissionManager::GetSelfPermissionState(std::vector<PermissionStateFull>
 
 int PermissionManager::GetPermissionFlag(AccessTokenID tokenID, const std::string& permissionName)
 {
-    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s",
+    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u, permissionName: %{public}s",
         __func__, tokenID, permissionName.c_str());
     if (!PermissionValidator::IsPermissionNameValid(permissionName)) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!");
@@ -292,7 +335,7 @@ void PermissionManager::UpdateTokenPermissionState(
 void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
 {
     ACCESSTOKEN_LOG_INFO(LABEL,
-        "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s, flag: %{public}d",
+        "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d",
         __func__, tokenID, permissionName.c_str(), flag);
     if (!PermissionValidator::IsPermissionNameValid(permissionName)) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!");
@@ -313,7 +356,7 @@ void PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string
 void PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, int flag)
 {
     ACCESSTOKEN_LOG_INFO(LABEL,
-        "%{public}s called, tokenID: 0x%{public}x, permissionName: %{public}s, flag: %{public}d",
+        "%{public}s called, tokenID: %{public}u, permissionName: %{public}s, flag: %{public}d",
         __func__, tokenID, permissionName.c_str(), flag);
     if (!PermissionValidator::IsPermissionNameValid(permissionName)) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!");
@@ -333,7 +376,7 @@ void PermissionManager::RevokePermission(AccessTokenID tokenID, const std::strin
 
 void PermissionManager::ClearUserGrantedPermissionState(AccessTokenID tokenID)
 {
-    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: 0x%{public}x", __func__, tokenID);
+    ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, tokenID: %{public}u", __func__, tokenID);
     std::shared_ptr<HapTokenInfoInner> infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenID);
     if (infoPtr == nullptr) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "invalid params!");
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
index 8f1bad23198877871138df38bd855589dd436e96..ce6ad9ea95db30e0298239b923994cd0f045104b 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_policy_set.cpp
@@ -19,6 +19,7 @@
 #include "data_storage.h"
 #include "data_translator.h"
 #include "field_const.h"
+#include "permission_definition_cache.h"
 #include "permission_validator.h"
 
 namespace OHOS {
@@ -324,6 +325,51 @@ void PermissionPolicySet::ToString(std::string& info)
     }
     info.append("\n  ]\n");
 }
+
+bool PermissionPolicySet::IsPermissionReqValid(int32_t tokenApl, const std::string &permissionName)
+{
+    PermissionDef permissionDef;
+    int ret = PermissionDefinitionCache::GetInstance().FindByPermissionName(
+        permissionName, permissionDef);
+    if (ret != RET_SUCCESS) {
+        return false;
+    }
+    if (tokenApl < permissionDef.availableLevel) {
+        return false;
+    }
+    return true;
+}
+
+void PermissionPolicySet::PermStateToString(int32_t tokenApl, std::string& info)
+{
+    Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->permPolicySetLock_);
+
+    std::vector<std::string> invaildPermList = {};
+    info.append(R"(  "permStateList": [)");
+    info.append("\n");
+    for (auto iter = permStateList_.begin(); iter != permStateList_.end(); iter++) {
+        if (!IsPermissionReqValid(tokenApl, iter->permissionName)) {
+            invaildPermList.emplace_back(iter->permissionName);
+            continue;
+        }
+        PermStateFullToString(*iter, info);
+        if (iter != (permStateList_.end() - 1)) {
+            info.append(",\n");
+        }
+    }
+    info.append("\n  ]\n");
+
+    if (invaildPermList.size() == 0) {
+        return;
+    }
+
+    info.append(R"(  "invaildPermList": [)");
+    info.append("\n");
+    for (auto iter = invaildPermList.begin(); iter != invaildPermList.end(); iter++) {
+        info.append(R"(      "permissionName": ")" + *iter + R"(")" + ",\n");
+    }
+    info.append("\n  ]\n");
+}
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
index 2607d550ffca9c5723b74d7b99766773a599b634..b1ebfed38218f5a0cbe82b5629e5f6af9b3d8058 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
@@ -283,15 +283,15 @@ int AccessTokenManagerService::GetHapTokenInfoFromRemote(AccessTokenID tokenID,
         hapSyncParcel.hapTokenInfoForSyncParams);
 }
 
-int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector<NativeTokenInfoParcel>& nativeTokenInfosRes)
+int AccessTokenManagerService::GetAllNativeTokenInfo(std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfosRes)
 {
     ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called", __func__);
 
-    std::vector<NativeTokenInfo> nativeVec;
+    std::vector<NativeTokenInfoForSync> nativeVec;
     AccessTokenInfoManager::GetInstance().GetAllNativeTokenInfo(nativeVec);
     for (auto& native : nativeVec) {
-        NativeTokenInfoParcel nativeParcel;
-        nativeParcel.nativeTokenInfoParams = native;
+        NativeTokenInfoForSyncParcel nativeParcel;
+        nativeParcel.nativeTokenInfoForSyncParams = native;
         nativeTokenInfosRes.emplace_back(nativeParcel);
     }
 
@@ -308,14 +308,14 @@ int AccessTokenManagerService::SetRemoteHapTokenInfo(const std::string& deviceID
 }
 
 int AccessTokenManagerService::SetRemoteNativeTokenInfo(const std::string& deviceID,
-    std::vector<NativeTokenInfoParcel>& nativeTokenInfoParcel)
+    std::vector<NativeTokenInfoForSyncParcel>& nativeTokenInfoForSyncParcel)
 {
     ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, deviceID: %{public}s", __func__, deviceID.c_str());
 
-    std::vector<NativeTokenInfo> nativeList;
+    std::vector<NativeTokenInfoForSync> nativeList;
 
-    for (auto& nativeParcel : nativeTokenInfoParcel) {
-        nativeList.emplace_back(nativeParcel.nativeTokenInfoParams);
+    for (auto& nativeParcel : nativeTokenInfoForSyncParcel) {
+        nativeList.emplace_back(nativeParcel.nativeTokenInfoForSyncParams);
     }
 
     return AccessTokenInfoManager::GetInstance().SetRemoteNativeTokenInfo(deviceID, nativeList);
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
index 86b58819a17375549d2b61aafea6f8a7ce97a7dd..6452f84495f665350b7bc2aac6873b93d86b8ed6 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
@@ -344,7 +344,7 @@ void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, Mes
         reply.WriteInt32(RET_FAILED);
         return;
     }
-    std::vector<NativeTokenInfoParcel> nativeTokenInfosRes;
+    std::vector<NativeTokenInfoForSyncParcel> nativeTokenInfosRes;
     int result = this->GetAllNativeTokenInfo(nativeTokenInfosRes);
     reply.WriteUint32(nativeTokenInfosRes.size());
     for (auto native : nativeTokenInfosRes) {
@@ -380,7 +380,7 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data,
     }
     std::string deviceID = data.ReadString();
 
-    std::vector<NativeTokenInfoParcel> nativeTokenInfoParcel;
+    std::vector<NativeTokenInfoForSyncParcel> nativeParcelList;
     uint32_t size = data.ReadUint32();
     if (size > MAX_NATIVE_TOKEN_INFO_SIZE) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "size %{public}u is invalid", size);
@@ -388,16 +388,16 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data,
         return;
     }
     for (uint32_t i = 0; i < size; i++) {
-        sptr<NativeTokenInfoParcel> nativeParcel = data.ReadParcelable<NativeTokenInfoParcel>();
+        sptr<NativeTokenInfoForSyncParcel> nativeParcel = data.ReadParcelable<NativeTokenInfoForSyncParcel>();
         if (nativeParcel == nullptr) {
             ACCESSTOKEN_LOG_ERROR(LABEL, "nativeParcel read faild");
             reply.WriteInt32(RET_FAILED);
             return;
         }
-        nativeTokenInfoParcel.emplace_back(*nativeParcel);
+        nativeParcelList.emplace_back(*nativeParcel);
     }
 
-    int result = this->SetRemoteNativeTokenInfo(deviceID, nativeTokenInfoParcel);
+    int result = this->SetRemoteNativeTokenInfo(deviceID, nativeParcelList);
     reply.WriteInt32(result);
 }
 
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
index 5c0235ccdbc83deea32c7519e416ce845bf61d4e..963fa85dfbb4e010ffe61bfb0870eed01451eab5 100644
--- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
@@ -78,30 +78,30 @@ void AccessTokenInfoManager::InitHapTokenInfos()
         AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(FIELD_TOKEN_ID);
         int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP);
         if (ret != RET_SUCCESS) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add id failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add id failed.", tokenId);
             continue;
         }
         std::shared_ptr<HapTokenInfoInner> hap = std::make_shared<HapTokenInfoInner>();
         if (hap == nullptr) {
             AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId);
             continue;
         }
         ret = hap->RestoreHapTokenInfo(tokenId, tokenValue, permDefRes, permStateRes);
         if (ret != RET_SUCCESS) {
             AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x restore failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId);
             continue;
         }
 
         ret = AddHapTokenInfo(hap);
         if (ret != RET_SUCCESS) {
             AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId);
             continue;
         }
         ACCESSTOKEN_LOG_INFO(LABEL,
-            " restore hap token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d ok!",
+            " restore hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!",
             tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetInstIndex());
     }
 }
@@ -109,36 +109,39 @@ void AccessTokenInfoManager::InitHapTokenInfos()
 void AccessTokenInfoManager::InitNativeTokenInfos()
 {
     std::vector<GenericValues> nativeTokenResults;
+    std::vector<GenericValues> permStateRes;
+
     DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults);
+    DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes);
     for (GenericValues nativeTokenValue : nativeTokenResults) {
         AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID);
         int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_NATIVE);
         if (ret != RET_SUCCESS) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId);
             continue;
         }
         std::shared_ptr<NativeTokenInfoInner> native = std::make_shared<NativeTokenInfoInner>();
         if (native == nullptr) {
             AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x alloc failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u alloc failed.", tokenId);
             continue;
         }
 
-        ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue);
+        ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes);
         if (ret != RET_SUCCESS) {
             AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x restore failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u restore failed.", tokenId);
             continue;
         }
 
         ret = AddNativeTokenInfo(native);
         if (ret != RET_SUCCESS) {
             AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId 0x%{public}x add failed.", tokenId);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "tokenId %{public}u add failed.", tokenId);
             continue;
         }
         ACCESSTOKEN_LOG_INFO(LABEL,
-            "restore native token 0x%{public}x process name %{public}s ok!",
+            "restore native token %{public}u process name %{public}s ok!",
             tokenId, native->GetProcessName().c_str());
     }
 }
@@ -168,14 +171,14 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr<HapTokenInfoIn
     {
         Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->hapTokenInfoLock_);
         if (hapTokenInfoMap_.count(id) > 0) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}x info has exist.", id);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}u info has exist.", id);
             return RET_FAILED;
         }
 
         if (!info->IsRemote()) {
             std::string HapUniqueKey = GetHapUniqueStr(info);
             if (hapTokenIdMap_.count(HapUniqueKey) > 0) {
-                ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}x Unique info has exist.", id);
+                ACCESSTOKEN_LOG_ERROR(LABEL, "token %{public}u Unique info has exist.", id);
                 return RET_FAILED;
             }
             hapTokenIdMap_[HapUniqueKey] = id;
@@ -200,17 +203,19 @@ int AccessTokenInfoManager::AddNativeTokenInfo(const std::shared_ptr<NativeToken
     Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->nativeTokenInfoLock_);
     if (nativeTokenInfoMap_.count(id) > 0) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x has exist.", id);
+            LABEL, "token %{public}u has exist.", id);
         return RET_FAILED;
     }
     if (!info->IsRemote()) {
         if (nativeTokenIdMap_.count(processName) > 0) {
             ACCESSTOKEN_LOG_ERROR(
-                LABEL, "token %{public}x process name %{public}s has exist.", id, processName.c_str());
+                LABEL, "token %{public}u process name %{public}s has exist.", id, processName.c_str());
             return RET_FAILED;
         }
         nativeTokenIdMap_[processName] = id;
     }
+
+    ACCESSTOKEN_LOG_INFO(LABEL, "token info is added %{public}u.", id);
     nativeTokenInfoMap_[id] = info;
 
     return RET_SUCCESS;
@@ -221,7 +226,7 @@ std::shared_ptr<HapTokenInfoInner> AccessTokenInfoManager::GetHapTokenInfoInner(
     Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->hapTokenInfoLock_);
     if (hapTokenInfoMap_.count(id) == 0) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is invalid.", id);
+            LABEL, "token %{public}u is invalid.", id);
         return nullptr;
     }
     return hapTokenInfoMap_[id];
@@ -232,7 +237,7 @@ int AccessTokenInfoManager::GetHapTokenInfo(AccessTokenID tokenID, HapTokenInfo&
     std::shared_ptr<HapTokenInfoInner> infoPtr = GetHapTokenInfoInner(tokenID);
     if (infoPtr == nullptr) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is invalid.", tokenID);
+            LABEL, "token %{public}u is invalid.", tokenID);
         return RET_FAILED;
     }
     infoPtr->TranslateToHapTokenInfo(InfoParcel);
@@ -244,7 +249,7 @@ std::shared_ptr<PermissionPolicySet> AccessTokenInfoManager::GetHapPermissionPol
     std::shared_ptr<HapTokenInfoInner> infoPtr = GetHapTokenInfoInner(id);
     if (infoPtr == nullptr) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is invalid.", id);
+            LABEL, "token %{public}u is invalid.", id);
         return nullptr;
     }
     return infoPtr->GetHapInfoPermissionPolicySet();
@@ -255,7 +260,7 @@ std::shared_ptr<NativeTokenInfoInner> AccessTokenInfoManager::GetNativeTokenInfo
     Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->nativeTokenInfoLock_);
     if (nativeTokenInfoMap_.count(id) == 0) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is invalid.", id);
+            LABEL, "token %{public}u is invalid.", id);
         return nullptr;
     }
     return nativeTokenInfoMap_[id];
@@ -266,7 +271,7 @@ int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeToke
     std::shared_ptr<NativeTokenInfoInner> infoPtr = GetNativeTokenInfoInner(tokenID);
     if (infoPtr == nullptr) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is invalid.", tokenID);
+            LABEL, "token %{public}u is invalid.", tokenID);
         return RET_FAILED;
     }
 
@@ -274,12 +279,23 @@ int AccessTokenInfoManager::GetNativeTokenInfo(AccessTokenID tokenID, NativeToke
     return RET_SUCCESS;
 }
 
+std::shared_ptr<PermissionPolicySet> AccessTokenInfoManager::GetNativePermissionPolicySet(AccessTokenID id)
+{
+    std::shared_ptr<NativeTokenInfoInner> infoPtr = GetNativeTokenInfoInner(id);
+    if (infoPtr == nullptr) {
+        ACCESSTOKEN_LOG_ERROR(
+            LABEL, "token %{public}u is invalid.", id);
+        return nullptr;
+    }
+    return infoPtr->GetNativeInfoPermissionPolicySet();
+}
+
 int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id)
 {
     ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id);
     if (type != TOKEN_HAP) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is not hap.", id);
+            LABEL, "token %{public}u is not hap.", id);
         return RET_FAILED;
     }
 
@@ -288,17 +304,17 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id)
     {
         Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->hapTokenInfoLock_);
         if (hapTokenInfoMap_.count(id) == 0) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x no exist.", id);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u no exist.", id);
             return RET_FAILED;
         }
 
         const std::shared_ptr<HapTokenInfoInner> info = hapTokenInfoMap_[id];
         if (info == nullptr) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x is null.", id);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u is null.", id);
             return RET_FAILED;
         }
         if (info->IsRemote()) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}x can not delete.", id);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}u can not delete.", id);
             return RET_FAILED;
         }
         std::string HapUniqueKey = GetHapUniqueStr(info);
@@ -309,7 +325,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id)
     }
 
     AccessTokenIDManager::GetInstance().ReleaseTokenId(id);
-    ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token 0x%{public}x ok!", id);
+    ACCESSTOKEN_LOG_INFO(LABEL, "remove hap token %{public}u ok!", id);
     RefreshTokenInfoIfNeeded();
 #ifdef TOKEN_SYNC_ENABLE
     TokenModifyNotifier::GetInstance().NotifyTokenDelete(id);
@@ -323,7 +339,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id)
     ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id);
     if (type != TOKEN_NATIVE) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is not hap.", id);
+            LABEL, "token %{public}u is not hap.", id);
         return RET_FAILED;
     }
 
@@ -331,13 +347,13 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id)
     {
         Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->nativeTokenInfoLock_);
         if (nativeTokenInfoMap_.count(id) == 0) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "native token %{public}x is null.", id);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "native token %{public}u is null.", id);
             return RET_FAILED;
         }
 
         std::shared_ptr<NativeTokenInfoInner> info = nativeTokenInfoMap_[id];
         if (info->IsRemote()) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "remote native token %{public}x can not delete.", id);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "remote native token %{public}u can not delete.", id);
             return RET_FAILED;
         }
         std::string processName = nativeTokenInfoMap_[id]->GetProcessName();
@@ -347,7 +363,7 @@ int AccessTokenInfoManager::RemoveNativeTokenInfo(AccessTokenID id)
         nativeTokenInfoMap_.erase(id);
     }
     AccessTokenIDManager::GetInstance().ReleaseTokenId(id);
-    ACCESSTOKEN_LOG_INFO(LABEL, "remove native token 0x%{public}x ok!", id);
+    ACCESSTOKEN_LOG_INFO(LABEL, "remove native token %{public}u ok!", id);
     if (!isRemote) {
         RefreshTokenInfoIfNeeded();
     }
@@ -383,7 +399,7 @@ int AccessTokenInfoManager::CreateHapTokenInfo(
         return RET_FAILED;
     }
     ACCESSTOKEN_LOG_INFO(LABEL,
-        "create hap token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d ok!",
+        "create hap token %{public}u bundle name %{public}s user %{public}d inst %{public}d ok!",
         tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex());
 
     tokenIdEx.tokenIdExStruct.tokenID = tokenId;
@@ -397,7 +413,7 @@ int AccessTokenInfoManager::CheckNativeDCap(AccessTokenID tokenID, const std::st
     std::shared_ptr<NativeTokenInfoInner> infoPtr = GetNativeTokenInfoInner(tokenID);
     if (infoPtr == nullptr) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is invalid.", tokenID);
+            LABEL, "token %{public}u is invalid.", tokenID);
         return RET_FAILED;
     }
 
@@ -469,7 +485,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos(
         bool isUpdated = TryUpdateExistNativeToken(infoPtr);
         if (!isUpdated) {
             ACCESSTOKEN_LOG_INFO(LABEL,
-                "token 0x%{public}x process name %{public}s is new, add to manager!",
+                "token %{public}u process name %{public}s is new, add to manager!",
                 infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str());
             AccessTokenID id = infoPtr->GetTokenID();
             int ret = AccessTokenIDManager::GetInstance().RegisterTokenId(id, TOKEN_NATIVE);
@@ -481,7 +497,7 @@ void AccessTokenInfoManager::ProcessNativeTokenInfos(
             if (ret != RET_SUCCESS) {
                 AccessTokenIDManager::GetInstance().ReleaseTokenId(id);
                 ACCESSTOKEN_LOG_ERROR(LABEL,
-                    "token 0x%{public}x process name %{public}s add to manager failed!",
+                    "token %{public}u process name %{public}s add to manager failed!",
                     infoPtr->GetTokenID(), infoPtr->GetProcessName().c_str());
             }
         }
@@ -493,17 +509,17 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID,
     const std::string& appIDDesc, const HapPolicyParams& policy)
 {
     if (!DataValidator::IsAppIDDescValid(appIDDesc)) {
-        ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x parm format error!", tokenID);
+        ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u parm format error!", tokenID);
         return RET_FAILED;
     }
     std::shared_ptr<HapTokenInfoInner> infoPtr = GetHapTokenInfoInner(tokenID);
     if (infoPtr == nullptr) {
-        ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x is null, can not update!", tokenID);
+        ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u is null, can not update!", tokenID);
         return RET_FAILED;
     }
 
     if (infoPtr->IsRemote()) {
-        ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token 0x%{public}x can not update!", tokenID);
+        ACCESSTOKEN_LOG_ERROR(LABEL, "remote hap token %{public}u can not update!", tokenID);
         return RET_FAILED;
     }
 
@@ -511,7 +527,7 @@ int AccessTokenInfoManager::UpdateHapToken(AccessTokenID tokenID,
         Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->hapTokenInfoLock_);
         infoPtr->Update(appIDDesc, policy);
         ACCESSTOKEN_LOG_INFO(LABEL,
-            "token 0x%{public}x bundle name %{public}s user %{public}d inst %{public}d update ok!",
+            "token %{public}u bundle name %{public}s user %{public}d inst %{public}d update ok!",
             tokenID, infoPtr->GetBundleName().c_str(), infoPtr->GetUserID(), infoPtr->GetInstIndex());
     }
 
@@ -529,14 +545,14 @@ int AccessTokenInfoManager::GetHapTokenSync(AccessTokenID tokenID, HapTokenInfoF
     std::shared_ptr<HapTokenInfoInner> infoPtr = GetHapTokenInfoInner(tokenID);
     if (infoPtr == nullptr || infoPtr->IsRemote()) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x is invalid.", tokenID);
+            LABEL, "token %{public}u is invalid.", tokenID);
         return RET_FAILED;
     }
     hapSync.baseInfo = infoPtr->GetHapInfoBasic();
     std::shared_ptr<PermissionPolicySet> permSetPtr = infoPtr->GetHapInfoPermissionPolicySet();
     if (permSetPtr == nullptr) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "token %{public}x permSet is invalid.", tokenID);
+            LABEL, "token %{public}u permSet is invalid.", tokenID);
         return RET_FAILED;
     }
     permSetPtr->GetPermissionStateList(hapSync.permStateList);
@@ -551,7 +567,8 @@ int AccessTokenInfoManager::GetHapTokenInfoFromRemote(AccessTokenID tokenID,
     return ret;
 }
 
-void AccessTokenInfoManager::GetAllNativeTokenInfo(std::vector<NativeTokenInfo>& nativeTokenInfosRes)
+void AccessTokenInfoManager::GetAllNativeTokenInfo(
+    std::vector<NativeTokenInfoForSync>& nativeTokenInfosRes)
 {
     Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->nativeTokenInfoLock_);
     for (auto nativeTokenInner : nativeTokenInfoMap_) {
@@ -560,8 +577,18 @@ void AccessTokenInfoManager::GetAllNativeTokenInfo(std::vector<NativeTokenInfo>&
             || nativeTokenInnerPtr->GetDcap().size() <= 0) {
             continue;
         }
-        NativeTokenInfo token;
-        nativeTokenInnerPtr->TranslateToNativeTokenInfo(token);
+        NativeTokenInfoForSync token;
+        nativeTokenInnerPtr->TranslateToNativeTokenInfo(token.baseInfo);
+
+        std::shared_ptr<PermissionPolicySet> permSetPtr =
+            nativeTokenInnerPtr->GetNativeInfoPermissionPolicySet();
+        if (permSetPtr == nullptr) {
+            ACCESSTOKEN_LOG_ERROR(
+                LABEL, "token %{public}u permSet is invalid.", token.baseInfo.tokenID);
+            return;
+        }
+        permSetPtr->GetPermissionStateList(token.permStateList);
+
         nativeTokenInfosRes.emplace_back(token);
     }
     return;
@@ -571,7 +598,7 @@ int AccessTokenInfoManager::UpdateRemoteHapTokenInfo(AccessTokenID mapID, HapTok
 {
     std::shared_ptr<HapTokenInfoInner> infoPtr = GetHapTokenInfoInner(mapID);
     if (infoPtr == nullptr || !infoPtr->IsRemote()) {
-        ACCESSTOKEN_LOG_INFO(LABEL, "token 0x%{public}x is null or not remote, can not update!", mapID);
+        ACCESSTOKEN_LOG_INFO(LABEL, "token %{public}u is null or not remote, can not update!", mapID);
         return RET_FAILED;
     }
 
@@ -624,7 +651,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H
     AccessTokenID remoteID = hapSync.baseInfo.tokenID;
     AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID);
     if (mapID != 0) {
-        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x update exist remote hap token %{public}x.",
+        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u update exist remote hap token %{public}u.",
             deviceID.c_str(), remoteID, mapID);
         // update remote token mapping id
         hapSync.baseInfo.tokenID = mapID;
@@ -635,7 +662,7 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H
     mapID = AccessTokenRemoteTokenManager::GetInstance().MapRemoteDeviceTokenToLocal(deviceID, remoteID);
     if (mapID == 0) {
         ACCESSTOKEN_LOG_ERROR(
-            LABEL, "device %{public}s token %{public}x map failed.", deviceID.c_str(), remoteID);
+            LABEL, "device %{public}s token %{public}u map failed.", deviceID.c_str(), remoteID);
         return RET_FAILED;
     }
 
@@ -645,38 +672,41 @@ int AccessTokenInfoManager::SetRemoteHapTokenInfo(const std::string& deviceID, H
 
     if (CreateRemoteHapTokenInfo(mapID, hapSync) == RET_FAILED) {
         AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID);
-        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x failed.",
+        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u failed.",
             deviceID.c_str(), remoteID, mapID);
         return RET_FAILED;
     }
-    ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x success.",
+    ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u success.",
         deviceID.c_str(), remoteID, mapID);
     return RET_SUCCESS;
 }
 
 int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID,
-    std::vector<NativeTokenInfo>& nativeTokenInfoList)
+    std::vector<NativeTokenInfoForSync>& nativeTokenInfoList)
 {
     if (!DataValidator::IsDeviceIdValid(deviceID)) {
         ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s parms invalid", deviceID.c_str());
         return RET_FAILED;
     }
 
-    for (NativeTokenInfo& nativeToken : nativeTokenInfoList) {
-        if (!DataValidator::IsAplNumValid(nativeToken.apl) || nativeToken.ver != DEFAULT_TOKEN_VERSION
-            || !DataValidator::IsProcessNameValid(nativeToken.processName) || nativeToken.dcap.size() <= 0
-            || AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.tokenID) != TOKEN_NATIVE) {
+    for (NativeTokenInfoForSync& nativeToken : nativeTokenInfoList) {
+        if (!DataValidator::IsAplNumValid(nativeToken.baseInfo.apl) ||
+            nativeToken.baseInfo.ver != DEFAULT_TOKEN_VERSION ||
+            !DataValidator::IsProcessNameValid(nativeToken.baseInfo.processName) ||
+            nativeToken.baseInfo.dcap.size() <= 0 ||
+            AccessTokenIDManager::GetInstance().GetTokenIdTypeEnum(nativeToken.baseInfo.tokenID) != TOKEN_NATIVE) {
             ACCESSTOKEN_LOG_ERROR(
-                LABEL, "device %{public}s token %{public}x is invalid.", deviceID.c_str(), nativeToken.tokenID);
+                LABEL, "device %{public}s token %{public}u is invalid.",
+                deviceID.c_str(), nativeToken.baseInfo.tokenID);
             continue;
         }
 
-        AccessTokenID remoteID = nativeToken.tokenID;
+        AccessTokenID remoteID = nativeToken.baseInfo.tokenID;
         AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, remoteID);
         if (mapID != 0) {
             ACCESSTOKEN_LOG_ERROR(
-                LABEL, "device %{public}s token %{public}x has maped, no need update it.",
-                deviceID.c_str(), nativeToken.tokenID);
+                LABEL, "device %{public}s token %{public}u has maped, no need update it.",
+                deviceID.c_str(), nativeToken.baseInfo.tokenID);
             continue;
         }
 
@@ -684,18 +714,19 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID
         if (mapID == 0) {
             AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID);
             ACCESSTOKEN_LOG_ERROR(
-                LABEL, "device %{public}s token %{public}x map failed.",
+                LABEL, "device %{public}s token %{public}u map failed.",
                 deviceID.c_str(), remoteID);
             continue;
         }
-        nativeToken.tokenID = mapID;
-        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map to local token %{public}x.",
+        nativeToken.baseInfo.tokenID = mapID;
+        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map to local token %{public}u.",
             deviceID.c_str(), remoteID, mapID);
 
-        std::shared_ptr<NativeTokenInfoInner> nativePtr = std::make_shared<NativeTokenInfoInner>(nativeToken);
+        std::shared_ptr<NativeTokenInfoInner> nativePtr =
+            std::make_shared<NativeTokenInfoInner>(nativeToken.baseInfo, nativeToken.permStateList);
         if (nativePtr == nullptr) {
             AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x alloc local token failed.",
+            ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u alloc local token failed.",
                 deviceID.c_str(), remoteID);
             continue;
         }
@@ -703,11 +734,11 @@ int AccessTokenInfoManager::SetRemoteNativeTokenInfo(const std::string& deviceID
         int ret = AddNativeTokenInfo(nativePtr);
         if (ret != RET_SUCCESS) {
             AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, mapID);
-            ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x add local token failed.",
+            ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u add local token failed.",
                 deviceID.c_str(), remoteID);
             continue;
         }
-        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}x map token %{public}x add success.",
+        ACCESSTOKEN_LOG_INFO(LABEL, "device %{public}s token %{public}u map token %{public}u add success.",
             deviceID.c_str(), remoteID, mapID);
     }
 
@@ -722,7 +753,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces
     }
     AccessTokenID mapID = AccessTokenRemoteTokenManager::GetInstance().GetDeviceMappingTokenID(deviceID, tokenID);
     if (mapID == 0) {
-        ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId 0x%{public}x is not mapped",
+        ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s tokenId %{public}u is not mapped",
             deviceID.c_str(), tokenID);
         return RET_FAILED;
     }
@@ -731,7 +762,7 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces
     if (type == TOKEN_HAP) {
         Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->hapTokenInfoLock_);
         if (hapTokenInfoMap_.count(mapID) == 0) {
-            ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}x no exist.", mapID);
+            ACCESSTOKEN_LOG_ERROR(LABEL, "hap token %{public}u no exist.", mapID);
             return RET_FAILED;
         }
         hapTokenInfoMap_.erase(mapID);
@@ -739,12 +770,12 @@ int AccessTokenInfoManager::DeleteRemoteToken(const std::string& deviceID, Acces
         Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->nativeTokenInfoLock_);
         if (nativeTokenInfoMap_.count(mapID) == 0) {
             ACCESSTOKEN_LOG_ERROR(
-                LABEL, "native token %{public}x is null.", mapID);
+                LABEL, "native token %{public}u is null.", mapID);
             return RET_FAILED;
         }
         nativeTokenInfoMap_.erase(mapID);
     } else {
-        ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId 0x%{public}x type is unknown", mapID);
+        ACCESSTOKEN_LOG_ERROR(LABEL, "mapping tokenId %{public}u type is unknown", mapID);
     }
 
     return AccessTokenRemoteTokenManager::GetInstance().RemoveDeviceMappingTokenID(deviceID, tokenID);
@@ -792,7 +823,7 @@ AccessTokenID AccessTokenInfoManager::AllocLocalTokenID(const std::string& remot
     }
     int ret = TokenSyncKit::GetRemoteHapTokenInfo(remoteDeviceID, remoteTokenID);
     if (ret != RET_SUCCESS) {
-        ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}x sync failed",
+        ACCESSTOKEN_LOG_ERROR(LABEL, "device %{public}s token %{public}u sync failed",
             remoteDeviceID.c_str(), remoteTokenID);
         return 0;
     }
@@ -833,7 +864,7 @@ void AccessTokenInfoManager::StoreAllTokenInfo()
         Utils::UniqueReadGuard<Utils::RWLock> infoGuard(this->nativeTokenInfoLock_);
         for (auto iter = nativeTokenInfoMap_.begin(); iter != nativeTokenInfoMap_.end(); iter++) {
             if (iter->second != nullptr) {
-                iter->second->StoreNativeInfo(nativeTokenValues);
+                iter->second->StoreNativeInfo(nativeTokenValues, permStateValues);
             }
         }
     }
diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp
index 0f85b2e7bbff6070a102e421f06a7bfd9602c79e..4a41f2f57c5a475272a92538f891955e637f524e 100644
--- a/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/native_token_info_inner.cpp
@@ -37,35 +37,44 @@ NativeTokenInfoInner::NativeTokenInfoInner() : isRemote_(false)
     tokenInfoBasic_.apl = APL_NORMAL;
 }
 
-NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native) : isRemote_(false)
+NativeTokenInfoInner::NativeTokenInfoInner(NativeTokenInfo& native,
+    const std::vector<PermissionStateFull>& permStateList) : isRemote_(false)
 {
     tokenInfoBasic_ = native;
+    std::vector<PermissionDef> permDefList = {};
+    permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(native.tokenID,
+        permDefList, permStateList);
 }
 
 NativeTokenInfoInner::~NativeTokenInfoInner()
 {
     ACCESSTOKEN_LOG_DEBUG(LABEL,
-        "tokenID: 0x%{public}x destruction", tokenInfoBasic_.tokenID);
+        "tokenID: %{public}u destruction", tokenInfoBasic_.tokenID);
 }
 
 int NativeTokenInfoInner::Init(AccessTokenID id, const std::string& processName,
-    int apl, const std::vector<std::string>& dcap)
+    int apl, const std::vector<std::string>& dcap,
+    const std::vector<PermissionStateFull> &permStateList)
 {
     tokenInfoBasic_.tokenID = id;
     if (!DataValidator::IsProcessNameValid(processName)) {
         ACCESSTOKEN_LOG_ERROR(LABEL,
-            "tokenID: 0x%{public}x process name is null", tokenInfoBasic_.tokenID);
+            "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID);
         return RET_FAILED;
     }
     tokenInfoBasic_.processName = processName;
     if (!DataValidator::IsAplNumValid(apl)) {
         ACCESSTOKEN_LOG_ERROR(LABEL,
-            "tokenID: 0x%{public}x init failed, apl %{public}d is invalid",
+            "tokenID: %{public}u init failed, apl %{public}d is invalid",
             tokenInfoBasic_.tokenID, apl);
         return RET_FAILED;
     }
     tokenInfoBasic_.apl = (ATokenAplEnum)apl;
     tokenInfoBasic_.dcap = dcap;
+
+    std::vector<PermissionDef> permDefList = {};
+    permPolicySet_ = PermissionPolicySet::BuildPermissionPolicySet(id,
+        permDefList, permStateList);
     return RET_SUCCESS;
 }
 
@@ -93,19 +102,20 @@ int NativeTokenInfoInner::TranslationIntoGenericValues(GenericValues& outGeneric
     return RET_SUCCESS;
 }
 
-int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues)
+int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const GenericValues& inGenericValues,
+    const std::vector<GenericValues>& permStateRes)
 {
     tokenInfoBasic_.tokenID = tokenId;
     tokenInfoBasic_.processName = inGenericValues.GetString(FIELD_PROCESS_NAME);
     if (!DataValidator::IsProcessNameValid(tokenInfoBasic_.processName)) {
         ACCESSTOKEN_LOG_ERROR(LABEL,
-            "tokenID: 0x%{public}x process name is null", tokenInfoBasic_.tokenID);
+            "tokenID: %{public}u process name is null", tokenInfoBasic_.tokenID);
         return RET_FAILED;
     }
     int aplNum = inGenericValues.GetInt(FIELD_APL);
     if (!DataValidator::IsAplNumValid(aplNum)) {
         ACCESSTOKEN_LOG_ERROR(LABEL,
-            "tokenID: 0x%{public}x apl is error, value %{public}d",
+            "tokenID: %{public}u apl is error, value %{public}d",
             tokenInfoBasic_.tokenID, aplNum);
         return RET_FAILED;
     }
@@ -113,13 +123,17 @@ int NativeTokenInfoInner::RestoreNativeTokenInfo(AccessTokenID tokenId, const Ge
     tokenInfoBasic_.ver = (char)inGenericValues.GetInt(FIELD_TOKEN_VERSION);
     if (tokenInfoBasic_.ver != DEFAULT_TOKEN_VERSION) {
         ACCESSTOKEN_LOG_ERROR(LABEL,
-            "tokenID: 0x%{public}x version is error, version %{public}d",
+            "tokenID: %{public}u version is error, version %{public}d",
             tokenInfoBasic_.tokenID, tokenInfoBasic_.ver);
         return RET_FAILED;
     }
 
     SetDcaps(inGenericValues.GetString(FIELD_DCAP));
     tokenInfoBasic_.tokenAttr = (uint32_t)inGenericValues.GetInt(FIELD_TOKEN_ATTR);
+
+    std::vector<GenericValues> permDefRes = {};
+    permPolicySet_ = PermissionPolicySet::RestorePermissionPolicy(tokenId,
+        permDefRes, permStateRes);
     return RET_SUCCESS;
 }
 
@@ -133,7 +147,8 @@ void NativeTokenInfoInner::TranslateToNativeTokenInfo(NativeTokenInfo& InfoParce
     InfoParcel.tokenAttr = tokenInfoBasic_.tokenAttr;
 }
 
-void NativeTokenInfoInner::StoreNativeInfo(std::vector<GenericValues>& valueList) const
+void NativeTokenInfoInner::StoreNativeInfo(std::vector<GenericValues>& valueList,
+    std::vector<GenericValues>& permStateValues) const
 {
     if (isRemote_) {
         return;
@@ -141,6 +156,11 @@ void NativeTokenInfoInner::StoreNativeInfo(std::vector<GenericValues>& valueList
     GenericValues genericValues;
     TranslationIntoGenericValues(genericValues);
     valueList.emplace_back(genericValues);
+
+    if (permPolicySet_ != nullptr) {
+        std::vector<GenericValues> permDefValues;
+        permPolicySet_->StorePermissionPolicySet(permDefValues, permStateValues);
+    }
 }
 
 AccessTokenID NativeTokenInfoInner::GetTokenID() const
@@ -158,6 +178,11 @@ std::string NativeTokenInfoInner::GetProcessName() const
     return tokenInfoBasic_.processName;
 }
 
+std::shared_ptr<PermissionPolicySet> NativeTokenInfoInner::GetNativeInfoPermissionPolicySet() const
+{
+    return permPolicySet_;
+}
+
 bool NativeTokenInfoInner::IsRemote() const
 {
     return isRemote_;
@@ -193,6 +218,9 @@ void NativeTokenInfoInner::ToString(std::string& info) const
     info.append(R"(  "apl": )" + std::to_string(tokenInfoBasic_.apl) + ",\n");
     info.append(R"(  "dcap": ")" + DcapToString(tokenInfoBasic_.dcap) + R"(")" + ",\n");
     info.append(R"(  "isRemote": )" + std::to_string(isRemote_? 1 : 0) + ",\n");
+    if (permPolicySet_ != nullptr) {
+        permPolicySet_->PermStateToString(tokenInfoBasic_.apl, info);
+    }
     info.append("}");
 }
 } // namespace AccessToken
diff --git a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp
index 7fef139d900a5b72fcce88d3e508050c38f809a1..995b7a1d6ca7e57c276381b21062f9520b63a78c 100644
--- a/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/native_token_receptor.cpp
@@ -32,6 +32,29 @@ namespace {
 static constexpr OHOS::HiviewDFX::HiLogLabel LABEL = {LOG_CORE, SECURITY_DOMAIN_ACCESSTOKEN, "NativeTokenReceptor"};
 }
 
+int32_t NativeReqPermsGet(
+    const nlohmann::json& j, std::vector<PermissionStateFull> &permStateList)
+{
+    std::vector<std::string> permReqList;
+    if (j.find(JSON_PERMS) == j.end()) {
+        return RET_FAILED;
+    }
+    permReqList = j.at(JSON_PERMS).get<std::vector<std::string>>();
+    if (permReqList.size() > MAX_REQ_PERM_NUM) {
+        return RET_FAILED;
+    }
+    for (auto permReq : permReqList) {
+        PermissionStateFull permState;
+        permState.permissionName = permReq;
+        permState.isGeneral = 1;
+        permState.resDeviceID.push_back("");
+        permState.grantStatus.push_back(PERMISSION_GRANTED);
+        permState.grantFlags.push_back(PERMISSION_SYSTEM_FIXED);
+        permStateList.push_back(permState);
+    }
+    return RET_SUCCESS;
+}
+
 // nlohmann json need the function named from_json to parse NativeTokenInfo
 void from_json(const nlohmann::json& j, std::shared_ptr<NativeTokenInfoInner>& p)
 {
@@ -89,7 +112,13 @@ void from_json(const nlohmann::json& j, std::shared_ptr<NativeTokenInfoInner>& p
     } else {
         return;
     }
-    p = std::make_shared<NativeTokenInfoInner>(native);
+
+    std::vector<PermissionStateFull> permStateList;
+    if (NativeReqPermsGet(j, permStateList) != RET_SUCCESS) {
+        return;
+    }
+
+    p = std::make_shared<NativeTokenInfoInner>(native, permStateList);
 }
 
 int32_t NativeTokenReceptor::ParserNativeRawData(const std::string& nativeRawData,
diff --git a/services/accesstokenmanager/test/BUILD.gn b/services/accesstokenmanager/test/BUILD.gn
index ae4871cf07186c2cdccecdcdc4e6e1d579917b48..7e60e72247b6369bec65a50173aa045599c66215 100644
--- a/services/accesstokenmanager/test/BUILD.gn
+++ b/services/accesstokenmanager/test/BUILD.gn
@@ -43,6 +43,7 @@ ohos_unittest("libaccesstoken_manager_service_standard_test") {
   deps = [
     "//base/security/access_token/frameworks/accesstoken:accesstoken_communication_adapter_cxx",
     "//base/security/access_token/frameworks/common:accesstoken_common_cxx",
+    "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
     "//base/security/access_token/interfaces/innerkits/nativetoken:libnativetoken",
     "//base/security/access_token/services/accesstokenmanager/:accesstoken_manager_service",
     "//third_party/googletest:gtest_main",
diff --git a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp
index 28218f8f6cc6bb345cd6f125286ab58b5c5b1306..33c9c5d8f86f5ce1258ab1714bf099ff1bef0ed6 100644
--- a/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp
+++ b/services/accesstokenmanager/test/unittest/cpp/src/native_token_receptor_test.cpp
@@ -26,9 +26,11 @@
 #include <vector>
 
 #include "accesstoken_info_manager.h"
+#include "accesstoken_kit.h"
 #include "permission_manager.h"
 #include "data_storage.h"
 #include "field_const.h"
+#include "permission_state_full.h"
 #define private public
 #include "nativetoken_kit.h"
 #include "native_token_receptor.h"
@@ -72,9 +74,9 @@ HWTEST_F(NativeTokenReceptorTest, ParserNativeRawData001, TestSize.Level1)
     ACCESSTOKEN_LOG_INFO(LABEL, "test ParserNativeRawData001!");
     std::string testStr = R"([)"\
         R"({"processName":"process6","APL":3,"version":1,"tokenId":685266937,"tokenAttr":0,)"\
-        R"("dcaps":["AT_CAP","ST_CAP"]},)"\
+        R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]},)"\
         R"({"processName":"process5","APL":3,"version":1,"tokenId":678065606,"tokenAttr":0,)"\
-        R"("dcaps":["AT_CAP","ST_CAP"]}])";
+        R"("dcaps":["AT_CAP","ST_CAP"], "permissions":[]}])";
 
     NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance();
     std::vector<std::shared_ptr<NativeTokenInfoInner>> tokenInfos;
@@ -174,7 +176,8 @@ HWTEST_F(NativeTokenReceptorTest, from_json001, TestSize.Level1)
         {"version", 1},
         {"tokenId", 685266937},
         {"tokenAttr", 0},
-        {"dcaps", {"AT_CAP", "ST_CAP"}}};
+        {"dcaps", {"AT_CAP", "ST_CAP"}},
+        {"permissions", {"ohos.permission.PLACE_CALL"}}};
     std::shared_ptr<NativeTokenInfoInner> p;
     from_json(j, p);
     ASSERT_NE((p == nullptr), true);
@@ -265,7 +268,9 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1)
         .tokenAttr = 0,
         .dcap =  {"AT_CAP", "ST_CAP"}
     };
-    std::shared_ptr<NativeTokenInfoInner> nativeToken = std::make_shared<NativeTokenInfoInner>(info);
+
+    std::vector<PermissionStateFull> permStateList = {};
+    std::shared_ptr<NativeTokenInfoInner> nativeToken = std::make_shared<NativeTokenInfoInner>(info, permStateList);
     tokenInfos.emplace_back(nativeToken);
     AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos);
     NativeTokenInfo findInfo;
@@ -284,6 +289,8 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1)
     // get sql data
     std::vector<GenericValues> nativeTokenResults;
     DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_NATIVE_INFO, nativeTokenResults);
+    std::vector<GenericValues> permStateRes;
+    DataStorage::GetRealDataStorage().Find(DataStorage::ACCESSTOKEN_PERMISSION_STATE, permStateRes);
     for (GenericValues nativeTokenValue : nativeTokenResults) {
         AccessTokenID tokenId = (AccessTokenID)nativeTokenValue.GetInt(FIELD_TOKEN_ID);
         if (tokenId != info.tokenID) {
@@ -292,7 +299,7 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos001, TestSize.Level1)
         GTEST_LOG_(INFO) <<"apl " << nativeTokenValue.GetInt(FIELD_APL);
         std::shared_ptr<NativeTokenInfoInner> native = std::make_shared<NativeTokenInfoInner>();
         ASSERT_NE(native, nullptr);
-        ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue);
+        ret = native->RestoreNativeTokenInfo(tokenId, nativeTokenValue, permStateRes);
         ASSERT_EQ(ret, RET_SUCCESS);
         ASSERT_EQ(native->GetTokenID(), info.tokenID);
         ASSERT_EQ(native->GetProcessName(), info.processName);
@@ -332,10 +339,47 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1)
         .dcap =  {"AT_CAP", "ST_CAP"}
     };
 
-    std::shared_ptr<NativeTokenInfoInner> nativeToken1 = std::make_shared<NativeTokenInfoInner>(info1);
+    PermissionStateFull infoManagerTestState1 = {
+        .grantFlags = {0},
+        .grantStatus = {0},
+        .isGeneral = true,
+        .permissionName = "ohos.permission.ACCELEROMETER",
+        .resDeviceID = {"local"}
+    };
+
+    PermissionStateFull infoManagerTestState2 = {
+        .permissionName = "ohos.permission.MANAGE_USER_IDM",
+        .isGeneral = true,
+        .grantFlags = {0, 2},
+        .grantStatus = {0, 0},
+        .resDeviceID = {"device 1", "device 2"}
+    };
+
+    PermissionStateFull infoManagerTestState3 = {
+        .permissionName = "ohos.permission.USER_TEAT",
+        .isGeneral = true,
+        .grantFlags = {0, 2},
+        .grantStatus = {0, 0},
+        .resDeviceID = {"device 1", "device 2"}
+    };
+
+    std::vector<PermissionStateFull> permStateList = {
+        infoManagerTestState1, infoManagerTestState2, infoManagerTestState3};
+    std::shared_ptr<NativeTokenInfoInner> nativeToken1 = std::make_shared<NativeTokenInfoInner>(info1, permStateList);
+
+    std::shared_ptr<PermissionPolicySet> permPolicySet =
+        nativeToken1->GetNativeInfoPermissionPolicySet();
+    GTEST_LOG_(INFO) <<"permPolicySet: " << permPolicySet;
+
+    std::vector<PermissionStateFull> permList;
+    permPolicySet->GetPermissionStateFulls(permList);
+    for (auto& perm : permList) {
+        GTEST_LOG_(INFO) <<"perm.permissionName: " << perm.permissionName;
+    }
+
     tokenInfos.emplace_back(nativeToken1);
 
-    std::shared_ptr<NativeTokenInfoInner> nativeToken2 = std::make_shared<NativeTokenInfoInner>(info2);
+    std::shared_ptr<NativeTokenInfoInner> nativeToken2 = std::make_shared<NativeTokenInfoInner>(info2, permStateList);
     tokenInfos.emplace_back(nativeToken2);
 
     AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos);
@@ -350,6 +394,13 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1)
     ASSERT_EQ(findInfo.tokenAttr, info1.tokenAttr);
     ASSERT_EQ(findInfo.dcap, info1.dcap);
 
+    ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.MANAGE_USER_IDM");
+    ASSERT_EQ(ret, PERMISSION_GRANTED);
+    ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.ACCELEROMETER");
+    ASSERT_EQ(ret, PERMISSION_GRANTED);
+    ret = PermissionManager::GetInstance().VerifyAccessToken(info1.tokenID, "ohos.permission.DISCOVER_BLUETOOTH");
+    ASSERT_EQ(ret, PERMISSION_DENIED);
+
     ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(info2.tokenID, findInfo);
     ASSERT_EQ(ret, RET_SUCCESS);
     ASSERT_EQ(findInfo.apl, info2.apl);
@@ -362,6 +413,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos002, TestSize.Level1)
     ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info1.tokenID);
     ASSERT_EQ(ret, RET_SUCCESS);
 
+    ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.MANAGE_USER_IDM");
+    ASSERT_EQ(ret, PERMISSION_GRANTED);
+    ret = PermissionManager::GetInstance().VerifyAccessToken(info2.tokenID, "ohos.permission.ACCELEROMETER");
+    ASSERT_EQ(ret, PERMISSION_GRANTED);
+
     ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(info2.tokenID);
     ASSERT_EQ(ret, RET_SUCCESS);
 }
@@ -411,11 +467,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos004, TestSize.Level1)
         .tokenAttr = 0,
         .dcap =  {"AT_CAP", "ST_CAP"}
     };
-
-    std::shared_ptr<NativeTokenInfoInner> nativeToken3 = std::make_shared<NativeTokenInfoInner>(info3);
+    std::vector<PermissionStateFull> permStateList = {};
+    std::shared_ptr<NativeTokenInfoInner> nativeToken3 = std::make_shared<NativeTokenInfoInner>(info3, permStateList);
     tokenInfos.emplace_back(nativeToken3);
 
-    std::shared_ptr<NativeTokenInfoInner> nativeToken4 = std::make_shared<NativeTokenInfoInner>(info4);
+    std::shared_ptr<NativeTokenInfoInner> nativeToken4 = std::make_shared<NativeTokenInfoInner>(info4, permStateList);
     tokenInfos.emplace_back(nativeToken4);
 
     AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos);
@@ -462,11 +518,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos005, TestSize.Level1)
         .tokenAttr = 0,
         .dcap =  {"AT_CAP", "ST_CAP"}
     };
-
-    std::shared_ptr<NativeTokenInfoInner> nativeToken5 = std::make_shared<NativeTokenInfoInner>(info5);
+    std::vector<PermissionStateFull> permStateList = {};
+    std::shared_ptr<NativeTokenInfoInner> nativeToken5 = std::make_shared<NativeTokenInfoInner>(info5, permStateList);
     tokenInfos.emplace_back(nativeToken5);
 
-    std::shared_ptr<NativeTokenInfoInner> nativeToken6 = std::make_shared<NativeTokenInfoInner>(info6);
+    std::shared_ptr<NativeTokenInfoInner> nativeToken6 = std::make_shared<NativeTokenInfoInner>(info6, permStateList);
     tokenInfos.emplace_back(nativeToken6);
 
     AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos);
@@ -516,11 +572,11 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos006, TestSize.Level1)
         .tokenAttr = 0,
         .dcap =  {"AT_CAP"}
     };
-
-    std::shared_ptr<NativeTokenInfoInner> nativeToken7 = std::make_shared<NativeTokenInfoInner>(info7);
+    std::vector<PermissionStateFull> permStateList = {};
+    std::shared_ptr<NativeTokenInfoInner> nativeToken7 = std::make_shared<NativeTokenInfoInner>(info7, permStateList);
     tokenInfos.emplace_back(nativeToken7);
 
-    std::shared_ptr<NativeTokenInfoInner> nativeToken8 = std::make_shared<NativeTokenInfoInner>(info8);
+    std::shared_ptr<NativeTokenInfoInner> nativeToken8 = std::make_shared<NativeTokenInfoInner>(info8, permStateList);
     tokenInfos.emplace_back(nativeToken8);
 
     AccessTokenInfoManager::GetInstance().ProcessNativeTokenInfos(tokenInfos);
@@ -553,19 +609,25 @@ HWTEST_F(NativeTokenReceptorTest, init001, TestSize.Level1)
     const char *dcaps[1];
     dcaps[0] = "AT_CAP_01";
     int dcapNum = 1;
-    char processName[32];
-    (void)strcpy_s(processName, sizeof(processName), "native_token_test7");
-    char apl[32];
-    (void)strcpy_s(apl, sizeof(apl), "system_core");
-
-    uint64_t tokenId = ::GetAccessTokenId(processName, dcaps, dcapNum, apl);
+    const char *perms[2];
+    perms[0] = "ohos.permission.test1";
+    perms[1] = "ohos.permission.test2";
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = dcapNum,
+        .permsNum = 2,
+        .dcaps = dcaps,
+        .perms = perms,
+        .processName = "native_token_test7",
+        .aplStr = "system_core",
+    };
+    uint64_t tokenId = ::GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenId, 0);
 
     NativeTokenReceptor::GetInstance().Init();
     NativeTokenInfo findInfo;
     int ret = AccessTokenInfoManager::GetInstance().GetNativeTokenInfo(tokenId, findInfo);
     ASSERT_EQ(ret, RET_SUCCESS);
-    ASSERT_EQ(findInfo.processName, processName);
+    ASSERT_EQ(findInfo.processName, infoInstance.processName);
 
     ret = AccessTokenInfoManager::GetInstance().RemoveNativeTokenInfo(tokenId);
     ASSERT_EQ(ret, RET_SUCCESS);
@@ -592,11 +654,25 @@ HWTEST_F(NativeTokenReceptorTest, ProcessNativeTokenInfos007, TestSize.Level1)
     char apl1[32];
     (void)strcpy_s(apl1, sizeof(apl1), "normal");
 
-    uint64_t tokenIdApl3 = ::GetAccessTokenId("ProcessNativeTokenInfos007_003", dcaps, dcapNum, apl3);
+    NativeTokenInfoParams infoInstance = {
+        .dcapsNum = dcapNum,
+        .permsNum = 0,
+        .dcaps = dcaps,
+        .perms = nullptr,
+    };
+    infoInstance.aplStr = apl3;
+    infoInstance.processName = "ProcessNativeTokenInfos007_003";
+    uint64_t tokenIdApl3 = ::GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenIdApl3, 0);
-    uint64_t tokenIdApl2 = ::GetAccessTokenId("ProcessNativeTokenInfos007_002", dcaps, dcapNum, apl2);
+
+    infoInstance.aplStr = apl2;
+    infoInstance.processName = "ProcessNativeTokenInfos007_002";
+    uint64_t tokenIdApl2 = ::GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenIdApl2, 0);
-    uint64_t tokenIdApl1 = ::GetAccessTokenId("ProcessNativeTokenInfos007_001", dcaps, dcapNum, apl1);
+
+    infoInstance.aplStr = apl1;
+    infoInstance.processName = "ProcessNativeTokenInfos007_001";
+    uint64_t tokenIdApl1 = ::GetAccessTokenId(&infoInstance);
     ASSERT_NE(tokenIdApl1, 0);
 
     NativeTokenReceptor& receptor = NativeTokenReceptor::GetInstance();
diff --git a/services/tokensyncmanager/include/command/base_remote_command.h b/services/tokensyncmanager/include/command/base_remote_command.h
index 2289251c243297abc9e56e770693a5fed981d1d2..f8d17a79b451d07a762f2fd402ad2a64e5a4b117 100644
--- a/services/tokensyncmanager/include/command/base_remote_command.h
+++ b/services/tokensyncmanager/include/command/base_remote_command.h
@@ -57,8 +57,8 @@ public:
 
     nlohmann::json ToHapTokenInfosJson(const HapTokenInfoForSync &tokenInfo);
     void FromHapTokenInfoJson(const nlohmann::json& hapTokenJson, HapTokenInfoForSync& hapTokenInfo);
-    nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfo& tokenInfo);
-    void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfo& nativeTokenInfo);
+    nlohmann::json ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo);
+    void FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson, NativeTokenInfoForSync& nativeTokenInfo);
     RemoteProtocol remoteProtocol_;
 };
 }  // namespace AccessToken
diff --git a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h
index e398d780427dc00b1b39bed652478f15a6ef7433..c39002a14924eff94d5aba440eced36abb6e3d3d 100644
--- a/services/tokensyncmanager/include/command/sync_remote_native_token_command.h
+++ b/services/tokensyncmanager/include/command/sync_remote_native_token_command.h
@@ -47,7 +47,7 @@ private:
      * The command name. Should be equal to class name.
      */
     const std::string COMMAND_NAME = "SyncRemoteNativeTokenCommand";
-    std::vector<NativeTokenInfo> nativeTokenInfo_;
+    std::vector<NativeTokenInfoForSync> nativeTokenInfo_;
 };
 }  // namespace AccessToken
 }  // namespace Security
diff --git a/services/tokensyncmanager/src/command/base_remote_command.cpp b/services/tokensyncmanager/src/command/base_remote_command.cpp
index a46afd7ec999fa7892303475c041a8d2e642ee51..5bbbbac83fed2efecb917f62ab071eb5141e94d3 100644
--- a/services/tokensyncmanager/src/command/base_remote_command.cpp
+++ b/services/tokensyncmanager/src/command/base_remote_command.cpp
@@ -78,16 +78,24 @@ nlohmann::json BaseRemoteCommand::ToRemoteProtocolJson()
     return j;
 }
 
-nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfo& tokenInfo)
+nlohmann::json BaseRemoteCommand::ToNativeTokenInfoJson(const NativeTokenInfoForSync& tokenInfo)
 {
-    nlohmann::json DcapsJson = nlohmann::json(tokenInfo.dcap);
+    nlohmann::json permStatesJson;
+    for (auto& permState : tokenInfo.permStateList) {
+        nlohmann::json permStateJson;
+        ToPermStateJson(permStateJson, permState);
+        permStatesJson.emplace_back(permStateJson);
+    }
+
+    nlohmann::json DcapsJson = nlohmann::json(tokenInfo.baseInfo.dcap);
     nlohmann::json nativeTokenJson = nlohmann::json {
-        {"processName", tokenInfo.processName},
-        {"apl", tokenInfo.apl},
-        {"version", tokenInfo.ver},
-        {"tokenId", tokenInfo.tokenID},
-        {"tokenAttr", tokenInfo.tokenAttr},
+        {"processName", tokenInfo.baseInfo.processName},
+        {"apl", tokenInfo.baseInfo.apl},
+        {"version", tokenInfo.baseInfo.ver},
+        {"tokenId", tokenInfo.baseInfo.tokenID},
+        {"tokenAttr", tokenInfo.baseInfo.tokenAttr},
         {"dcaps", DcapsJson},
+        {"permState", permStatesJson},
     };
     return nativeTokenJson;
 }
@@ -230,30 +238,32 @@ void BaseRemoteCommand::FromHapTokenInfoJson(const nlohmann::json& hapTokenJson,
 }
 
 void BaseRemoteCommand::FromNativeTokenInfoJson(const nlohmann::json& nativeTokenJson,
-    NativeTokenInfo& nativeTokenInfo)
+    NativeTokenInfoForSync& nativeTokenInfo)
 {
     if (nativeTokenJson.find("processName") != nativeTokenJson.end() && nativeTokenJson.at("processName").is_string()) {
-        nativeTokenInfo.processName = nativeTokenJson.at("processName").get<std::string>();
+        nativeTokenInfo.baseInfo.processName = nativeTokenJson.at("processName").get<std::string>();
     }
     if (nativeTokenJson.find("apl") != nativeTokenJson.end() && nativeTokenJson.at("apl").is_number()) {
         int apl = nativeTokenJson.at("apl").get<int>();
         if (DataValidator::IsAplNumValid(apl)) {
-            nativeTokenInfo.apl = (ATokenAplEnum)apl;
+            nativeTokenInfo.baseInfo.apl = (ATokenAplEnum)apl;
         }
     }
     if (nativeTokenJson.find("version") != nativeTokenJson.end() && nativeTokenJson.at("version").is_number()) {
-        nativeTokenInfo.ver = (unsigned)nativeTokenJson.at("version").get<int32_t>();
+        nativeTokenInfo.baseInfo.ver = (unsigned)nativeTokenJson.at("version").get<int32_t>();
     }
     if (nativeTokenJson.find("tokenId") != nativeTokenJson.end() && nativeTokenJson.at("tokenId").is_number()) {
-        nativeTokenInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get<int32_t>();
+        nativeTokenInfo.baseInfo.tokenID = (unsigned)nativeTokenJson.at("tokenId").get<int32_t>();
     }
     if (nativeTokenJson.find("tokenAttr") != nativeTokenJson.end() && nativeTokenJson.at("tokenAttr").is_number()) {
-        nativeTokenInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get<int32_t>();
+        nativeTokenInfo.baseInfo.tokenAttr = (unsigned)nativeTokenJson.at("tokenAttr").get<int32_t>();
     }
     if (nativeTokenJson.find("dcaps") != nativeTokenJson.end() && nativeTokenJson.at("dcaps").is_array()
         && nativeTokenJson.at("dcaps").size() > 0 && (nativeTokenJson.at("dcaps"))[0].is_string()) {
-        nativeTokenInfo.dcap = nativeTokenJson.at("dcaps").get<std::vector<std::string>>();
+        nativeTokenInfo.baseInfo.dcap = nativeTokenJson.at("dcaps").get<std::vector<std::string>>();
     }
+
+    FromPermStateListJson(nativeTokenJson, nativeTokenInfo.permStateList);
 }
 }  // namespace AccessToken
 }  // namespace Security
diff --git a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp
index 4f45e64230800e879ac1288c7f9a7c4399936b13..6484d3527f29f9d33bb5347b1bfa8e631c93242f 100644
--- a/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp
+++ b/services/tokensyncmanager/src/command/sync_remote_native_token_command.cpp
@@ -47,7 +47,7 @@ SyncRemoteNativeTokenCommand::SyncRemoteNativeTokenCommand(const std::string &js
     if (jsonObject.find("NativeTokenInfos") != jsonObject.end() && jsonObject.at("NativeTokenInfos").is_array()) {
         nlohmann::json nativeTokenListJson = jsonObject.at("NativeTokenInfos");
         for (auto& tokenJson : nativeTokenListJson) {
-            NativeTokenInfo token;
+            NativeTokenInfoForSync token;
             BaseRemoteCommand::FromNativeTokenInfoJson(tokenJson, token);
             nativeTokenInfo_.emplace_back(token);
         }
diff --git a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp
index cefdf158f489ea3ec44c124e3a3ddc0b7265700c..c1e2cd5a776b1772add5dfc3a1aedd7fa0a14bec 100644
--- a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp
+++ b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp
@@ -17,6 +17,7 @@
 
 #include "accesstoken_log.h"
 #include "hap_token_info_for_sync_parcel.h"
+#include "native_token_info_for_sync_parcel.h"
 #include "ipc_skeleton.h"
 #include "string_ex.h"