diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h
index 30cfd3f7d4071b0da39c8ee6335ecd1e1ad8f244..6bd9a3ec2a6e8fbf9aa3026dff4b477cd5eadf33 100644
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h
+++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h
@@ -60,7 +60,7 @@ private:
     void GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply);
     void SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply);
     void SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply);
-    void  DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply);
+    void DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply);
     void DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply);
     void GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply);
     void GetRemoteHapTokenIDInner(MessageParcel& data, MessageParcel& reply);
@@ -69,8 +69,10 @@ private:
     void DumpTokenInfoInner(MessageParcel& data, MessageParcel& reply);
 
     bool IsAuthorizedCalling() const;
-    static const int SYSTEM_UID = 1000;
-    static const int ROOT_UID = 0;
+    bool IsAccessTokenCalling() const;
+    static const int32_t SYSTEM_UID = 1000;
+    static const int32_t ROOT_UID = 0;
+    static const int32_t ACCESSTOKEN_UID = 3020;
 
     using RequestFuncType = void (AccessTokenManagerStub::*)(MessageParcel &data, MessageParcel &reply);
     std::map<uint32_t, RequestFuncType> requestFuncMap_;
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
index a4147fca00bb72099aed8f95ffa08c94b101fc9d..c3d78500719a704c3d36db775038ad7c7374b731 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
@@ -325,7 +325,7 @@ void AccessTokenManagerStub::GetNativeTokenInfoInner(MessageParcel& data, Messag
 #ifdef TOKEN_SYNC_ENABLE
 void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data, MessageParcel& reply)
 {
-    if (!IsAuthorizedCalling()) {
+    if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) {
         ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
         reply.WriteInt32(RET_FAILED);
         return;
@@ -340,7 +340,7 @@ void AccessTokenManagerStub::GetHapTokenInfoFromRemoteInner(MessageParcel& data,
 
 void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
 {
-    if (!IsAuthorizedCalling()) {
+    if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) {
         ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
         reply.WriteInt32(RET_FAILED);
         return;
@@ -356,7 +356,7 @@ void AccessTokenManagerStub::GetAllNativeTokenInfoInner(MessageParcel& data, Mes
 
 void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
 {
-    if (!IsAuthorizedCalling()) {
+    if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) {
         ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
         reply.WriteInt32(RET_FAILED);
         return;
@@ -374,7 +374,7 @@ void AccessTokenManagerStub::SetRemoteHapTokenInfoInner(MessageParcel& data, Mes
 
 void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data, MessageParcel& reply)
 {
-    if (!IsAuthorizedCalling()) {
+    if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) {
         ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
         reply.WriteInt32(RET_FAILED);
         return;
@@ -404,7 +404,7 @@ void AccessTokenManagerStub::SetRemoteNativeTokenInfoInner(MessageParcel& data,
 
 void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, MessageParcel& reply)
 {
-    if (!IsAuthorizedCalling()) {
+    if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) {
         ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
         reply.WriteInt32(RET_FAILED);
         return;
@@ -418,7 +418,7 @@ void AccessTokenManagerStub::DeleteRemoteTokenInner(MessageParcel& data, Message
 
 void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, MessageParcel& reply)
 {
-    if (!IsAuthorizedCalling()) {
+    if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) {
         ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
         reply.WriteInt32(RET_FAILED);
         return;
@@ -432,7 +432,7 @@ void AccessTokenManagerStub::GetRemoteNativeTokenIDInner(MessageParcel& data, Me
 
 void AccessTokenManagerStub::DeleteRemoteDeviceTokensInner(MessageParcel& data, MessageParcel& reply)
 {
-    if (!IsAuthorizedCalling()) {
+    if (!IsAuthorizedCalling() && !IsAccessTokenCalling()) {
         ACCESSTOKEN_LOG_INFO(LABEL, "%{public}s called, permission denied", __func__);
         reply.WriteInt32(RET_FAILED);
         return;
@@ -462,6 +462,12 @@ bool AccessTokenManagerStub::IsAuthorizedCalling() const
     return callingUid == SYSTEM_UID || callingUid == ROOT_UID;
 }
 
+bool AccessTokenManagerStub::IsAccessTokenCalling() const
+{
+    int callingUid = IPCSkeleton::GetCallingUid();
+    return callingUid == ACCESSTOKEN_UID;
+}
+
 AccessTokenManagerStub::AccessTokenManagerStub()
 {
     requestFuncMap_[static_cast<uint32_t>(IAccessTokenManager::InterfaceCode::VERIFY_ACCESSTOKEN)] =