From 350fa1d8c68e2371dab721b240e954517e75a16a Mon Sep 17 00:00:00 2001
From: bigtea <tianqushen@huawei.com>
Date: Tue, 15 Apr 2025 15:52:10 +0800
Subject: [PATCH] Add GetSelfPermissionStatus 6.0

Signed-off-by: bigtea <tianqushen@huawei.com>
---
 .../accesstoken_service_ipc_interface_code.h  |   1 +
 .../include/i_accesstoken_manager.h           |   1 +
 .../napi/accesstoken/src/napi_atmanager.cpp   | 116 +++-
 .../accesstoken/include/accesstoken_kit.h     |   7 +
 .../accesstoken/libaccesstoken_sdk.map        |   1 +
 .../accesstoken/src/accesstoken_kit.cpp       |   9 +
 .../src/accesstoken_manager_client.cpp        |  18 +
 .../src/accesstoken_manager_client.h          |   1 +
 .../src/accesstoken_manager_proxy.cpp         |  25 +
 .../src/accesstoken_manager_proxy.h           |   1 +
 .../accesstoken/test/unittest/BUILD.gn        |   1 +
 .../get_self_permission_status_test.cpp       | 508 ++++++++++++++++++
 .../get_self_permission_status_test.h         |  42 ++
 .../ProxyMockTest/accesstoken_mock_test.cpp   |  13 +
 .../cj/accesstoken/include/at_manager_impl.h  |   2 +-
 .../cj/accesstoken/src/at_manager_impl.cpp    |   2 +-
 .../napi/accesstoken/include/napi_atmanager.h |  13 +-
 .../accesstokenmanager/etc/access_token.para  |   5 +-
 .../etc/access_token.para.dac                 |   3 +-
 .../include/permission/permission_manager.h   |   4 +
 .../service/accesstoken_manager_service.h     |   1 +
 .../service/accesstoken_manager_stub.h        |   1 +
 .../cpp/src/permission/permission_manager.cpp |  29 +-
 .../service/accesstoken_manager_service.cpp   |  12 +
 .../src/service/accesstoken_manager_stub.cpp  |  20 +
 test/fuzztest/innerkits/accesstoken/BUILD.gn  |   1 +
 .../getselfpermissionstatus_fuzzer/BUILD.gn   |  42 ++
 .../corpus/init                               |  13 +
 .../getselfpermissionstatus_fuzzer.cpp        |  50 ++
 .../getselfpermissionstatus_fuzzer.h          |  28 +
 .../project.xml                               |  25 +
 test/fuzztest/services/accesstoken/BUILD.gn   |   1 +
 .../BUILD.gn                                  |  47 ++
 .../corpus/init                               |  14 +
 .../getselfpermissionstatusstub_fuzzer.cpp    |  60 +++
 .../getselfpermissionstatusstub_fuzzer.h      |  21 +
 .../project.xml                               |  25 +
 37 files changed, 1139 insertions(+), 24 deletions(-)
 create mode 100644 interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.cpp
 create mode 100644 interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.h
 create mode 100644 test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/corpus/init
 create mode 100644 test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.cpp
 create mode 100644 test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.h
 create mode 100644 test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/project.xml
 create mode 100644 test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/BUILD.gn
 create mode 100644 test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/corpus/init
 create mode 100644 test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.cpp
 create mode 100644 test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.h
 create mode 100644 test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/project.xml

diff --git a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h
index 07d0e107b..31b1e4e7c 100644
--- a/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h
+++ b/frameworks/accesstoken/include/accesstoken_service_ipc_interface_code.h
@@ -78,6 +78,7 @@ enum class AccessTokenInterfaceCode {
     GET_PERMISSION_BY_NAME,
 
     VERIFY_ACCESSTOKEN_WITH_LIST = 0x0050,
+    GET_SELF_PERMISSION_STATUS,
 };
 } // namespace AccessToken
 } // namespace Security
diff --git a/frameworks/accesstoken/include/i_accesstoken_manager.h b/frameworks/accesstoken/include/i_accesstoken_manager.h
index 22709473a..86c433e22 100644
--- a/frameworks/accesstoken/include/i_accesstoken_manager.h
+++ b/frameworks/accesstoken/include/i_accesstoken_manager.h
@@ -61,6 +61,7 @@ public:
     virtual int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status,
         int32_t userID = 0) = 0;
     virtual int32_t RequestAppPermOnSetting(AccessTokenID tokenID) = 0;
+    virtual int32_t GetSelfPermissionStatus(const std::string& permissionName, int32_t& status) = 0;
     virtual PermissionOper GetSelfPermissionsState(std::vector<PermissionListStateParcel>& permListParcel,
         PermissionGrantInfoParcel& infoParcel) = 0;
     virtual int32_t GetPermissionsStatus(
diff --git a/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp
index 3f98af789..911a32f88 100644
--- a/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp
+++ b/frameworks/js/napi/accesstoken/src/napi_atmanager.cpp
@@ -31,12 +31,16 @@ namespace AccessToken {
 std::mutex g_lockForPermStateChangeRegisters;
 std::vector<RegisterPermStateChangeInfo*> g_permStateChangeRegisters;
 std::mutex g_lockCache;
-std::map<std::string, PermissionStatusCache> g_cache;
+std::map<std::string, GrantStatusCache> g_cache;
+std::mutex g_lockStatusCache;
+std::map<std::string, PermissionStatusCache> g_statusCache;
 static PermissionParamCache g_paramCache;
+static PermissionParamCache g_paramFlagCache;
 static std::atomic<int32_t> g_cnt = 0;
 constexpr uint32_t REPORT_CNT = 10;
 namespace {
 static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change";
+static const char* PERMISSION_STATUS_FLAG_CHANGE_KEY = "accesstoken.permission.flagchange";
 static const char* REGISTER_PERMISSION_STATE_CHANGE_TYPE = "permissionStateChange";
 static const char* REGISTER_SELF_PERMISSION_STATE_CHANGE_TYPE = "selfPermissionStateChange";
 constexpr uint32_t THIRD_PARAM = 2;
@@ -238,6 +242,7 @@ napi_value NapiAtManager::Init(napi_env env, napi_value exports)
         DECLARE_NAPI_FUNCTION("requestPermissionOnSetting", NapiRequestPermissionOnSetting::RequestPermissionOnSetting),
         DECLARE_NAPI_FUNCTION("requestGlobalSwitch", NapiRequestGlobalSwitch::RequestGlobalSwitch),
         DECLARE_NAPI_FUNCTION("requestPermissionOnApplicationSetting", RequestAppPermOnSetting),
+        DECLARE_NAPI_FUNCTION("getSelfPermissionStatus", GetSelfPermissionStatusSync),
     };
 
     napi_value cons = nullptr;
@@ -531,36 +536,36 @@ napi_value NapiAtManager::CheckAccessToken(napi_env env, napi_callback_info info
     return result;
 }
 
-std::string NapiAtManager::GetPermParamValue()
+std::string NapiAtManager::GetPermParamValue(PermissionParamCache& paramCache, const char* paramKey)
 {
     long long sysCommitId = GetSystemCommitId();
-    if (sysCommitId == g_paramCache.sysCommitIdCache) {
+    if (sysCommitId == paramCache.sysCommitIdCache) {
         LOGD(ATM_DOMAIN, ATM_TAG, "SysCommitId = %{public}lld", sysCommitId);
-        return g_paramCache.sysParamCache;
+        return paramCache.sysParamCache;
     }
-    g_paramCache.sysCommitIdCache = sysCommitId;
-    if (g_paramCache.handle == PARAM_DEFAULT_VALUE) {
-        int32_t handle = static_cast<int32_t>(FindParameter(PERMISSION_STATUS_CHANGE_KEY));
+    paramCache.sysCommitIdCache = sysCommitId;
+    if (paramCache.handle == PARAM_DEFAULT_VALUE) {
+        int32_t handle = static_cast<int32_t>(FindParameter(paramKey));
         if (handle == PARAM_DEFAULT_VALUE) {
             LOGE(ATM_DOMAIN, ATM_TAG, "FindParameter failed");
             return "-1";
         }
-        g_paramCache.handle = handle;
+        paramCache.handle = handle;
     }
 
-    int32_t currCommitId = static_cast<int32_t>(GetParameterCommitId(g_paramCache.handle));
-    if (currCommitId != g_paramCache.commitIdCache) {
+    int32_t currCommitId = static_cast<int32_t>(GetParameterCommitId(paramCache.handle));
+    if (currCommitId != paramCache.commitIdCache) {
         char value[NapiContextCommon::VALUE_MAX_LEN] = {0};
-        auto ret = GetParameterValue(g_paramCache.handle, value, NapiContextCommon::VALUE_MAX_LEN - 1);
+        auto ret = GetParameterValue(paramCache.handle, value, NapiContextCommon::VALUE_MAX_LEN - 1);
         if (ret < 0) {
             LOGE(ATM_DOMAIN, ATM_TAG, "Return default value, ret=%{public}d", ret);
             return "-1";
         }
         std::string resStr(value);
-        g_paramCache.sysParamCache = resStr;
-        g_paramCache.commitIdCache = currCommitId;
+        paramCache.sysParamCache = resStr;
+        paramCache.commitIdCache = currCommitId;
     }
-    return g_paramCache.sysParamCache;
+    return paramCache.sysParamCache;
 }
 
 void NapiAtManager::UpdatePermissionCache(AtManagerSyncContext* syncContext)
@@ -568,7 +573,7 @@ void NapiAtManager::UpdatePermissionCache(AtManagerSyncContext* syncContext)
     std::lock_guard<std::mutex> lock(g_lockCache);
     auto iter = g_cache.find(syncContext->permissionName);
     if (iter != g_cache.end()) {
-        std::string currPara = GetPermParamValue();
+        std::string currPara = GetPermParamValue(g_paramCache, PERMISSION_STATUS_CHANGE_KEY);
         if (currPara != iter->second.paramValue) {
             syncContext->result = AccessTokenKit::VerifyAccessToken(
                 syncContext->tokenId, syncContext->permissionName);
@@ -581,7 +586,7 @@ void NapiAtManager::UpdatePermissionCache(AtManagerSyncContext* syncContext)
     } else {
         syncContext->result = AccessTokenKit::VerifyAccessToken(syncContext->tokenId, syncContext->permissionName);
         g_cache[syncContext->permissionName].status = syncContext->result;
-        g_cache[syncContext->permissionName].paramValue = GetPermParamValue();
+        g_cache[syncContext->permissionName].paramValue = GetPermParamValue(g_paramCache, PERMISSION_STATUS_CHANGE_KEY);
         LOGD(ATM_DOMAIN, ATM_TAG, "G_cacheParam set %{public}s",
             g_cache[syncContext->permissionName].paramValue.c_str());
     }
@@ -1242,6 +1247,85 @@ napi_value NapiAtManager::RequestAppPermOnSetting(napi_env env, napi_callback_in
     return result;
 }
 
+bool NapiAtManager::ParseInputGetPermStatus(const napi_env env, const napi_callback_info info,
+    AtManagerSyncContext& syncContext)
+{
+    size_t argc = NapiContextCommon::MAX_PARAMS_ONE;
+    napi_value argv[NapiContextCommon::MAX_PARAMS_ONE] = {nullptr};
+    napi_value thisVar = nullptr;
+
+    void *data = nullptr;
+    NAPI_CALL_BASE(env, napi_get_cb_info(env, info, &argc, argv, &thisVar, &data), false);
+    if (argc < NapiContextCommon::MAX_PARAMS_ONE) {
+        NAPI_CALL_BASE(env, napi_throw(env, GenerateBusinessError(env,
+            JsErrorCode::JS_ERROR_PARAM_ILLEGAL, "Parameter is missing.")), false);
+        return false;
+    }
+
+    syncContext.env = env;
+    if (!ParseString(env, argv[0], syncContext.permissionName)) {
+        std::string errMsg = GetParamErrorMsg("permissionName", "string");
+        NAPI_CALL_BASE(env,
+            napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_PARAM_ILLEGAL, errMsg)), false);
+        return false;
+    }
+    return true;
+}
+
+napi_value NapiAtManager::GetSelfPermissionStatusSync(napi_env env, napi_callback_info info)
+{
+    auto* syncContext = new (std::nothrow) AtManagerSyncContext();
+    if (syncContext == nullptr) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "New struct fail.");
+        return nullptr;
+    }
+
+    std::unique_ptr<AtManagerSyncContext> context {syncContext};
+    if (!ParseInputGetPermStatus(env, info, *syncContext)) {
+        return nullptr;
+    }
+
+    if ((syncContext->permissionName.empty()) ||
+        ((syncContext->permissionName.length() > NapiContextCommon::MAX_LENGTH))) {
+        std::string errMsg = "Invalid parameter. The permissionName is empty or exceeds 256 characters.";
+        NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JS_ERROR_PARAM_INVALID, errMsg)));
+        return nullptr;
+    }
+
+    {
+        std::lock_guard<std::mutex> lock(g_lockStatusCache);
+        auto iter = g_statusCache.find(syncContext->permissionName);
+        if (iter != g_statusCache.end()) {
+            std::string currPara = GetPermParamValue(g_paramFlagCache, PERMISSION_STATUS_FLAG_CHANGE_KEY);
+            if (currPara != iter->second.paramValue) {
+                syncContext->result = AccessTokenKit::GetSelfPermissionStatus(syncContext->permissionName,
+                    syncContext->permissionsState);
+                iter->second.status = syncContext->permissionsState;
+                iter->second.paramValue = currPara;
+            } else {
+                syncContext->result = RET_SUCCESS;
+                syncContext->permissionsState = iter->second.status;
+            }
+        } else {
+            syncContext->result = AccessTokenKit::GetSelfPermissionStatus(syncContext->permissionName,
+                syncContext->permissionsState);
+            g_statusCache[syncContext->permissionName].status = syncContext->permissionsState;
+            g_statusCache[syncContext->permissionName].paramValue = GetPermParamValue(
+                g_paramFlagCache, PERMISSION_STATUS_FLAG_CHANGE_KEY);
+        }
+    }
+
+    if (syncContext->result != RET_SUCCESS) {
+        NAPI_CALL(env, napi_throw(env, GenerateBusinessError(env, JsErrorCode::JS_ERROR_SERVICE_NOT_RUNNING,
+            "The service is abnormal.")));
+        return nullptr;
+    }
+
+    napi_value result = nullptr;
+    NAPI_CALL(env, napi_create_int32(env, static_cast<int32_t>(syncContext->permissionsState), &result));
+    return result;
+}
+
 bool NapiAtManager::FillPermStateChangeInfo(const napi_env env, const napi_value* argv, const std::string& type,
     const napi_value thisVar, RegisterPermStateChangeInfo& registerPermStateChangeInfo)
 {
diff --git a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
index abe082293..b47baeff2 100644
--- a/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
+++ b/interfaces/innerkits/accesstoken/include/accesstoken_kit.h
@@ -297,6 +297,13 @@ public:
      * @return error code, see access_token_error.h
      */
     static int32_t RequestAppPermOnSetting(AccessTokenID tokenID);
+    /**
+     * @brief Get self permission status
+     * @param permissionName permission name quote
+     * @param status the permission status
+     * @return error code, see access_token_error.h
+     */
+    static int32_t GetSelfPermissionStatus(const std::string& permissionName, PermissionOper& status);
     /**
      * @brief Get requsted permission grant result
      * @param permList PermissionListState list quote, as input and query result
diff --git a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map
index 19192e683..373be35db 100644
--- a/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map
+++ b/interfaces/innerkits/accesstoken/libaccesstoken_sdk.map
@@ -83,6 +83,7 @@
         "OHOS::Security::AccessToken::AccessTokenKit::RequestAppPermOnSetting(unsigned int)";
         "OHOS::Security::AccessToken::AccessTokenKit::GetReqPermissionByName(unsigned int, std::__h::basic_string<char, std::__h::char_traits<char>, std::__h::allocator<char>> const&, std::__h::basic_string<char, std::__h::char_traits<char>, std::__h::allocator<char>>&)";
         "OHOS::Security::AccessToken::AccessTokenKit::GetKernelPermissions(unsigned int, std::__h::vector<OHOS::Security::AccessToken::PermissionWithValue, std::__h::allocator<OHOS::Security::AccessToken::PermissionWithValue>>&)";
+        "OHOS::Security::AccessToken::AccessTokenKit::GetSelfPermissionStatus(std::__h::basic_string<char, std::__h::char_traits<char>, std::__h::allocator<char>> const&, OHOS::Security::AccessToken::TypePermissionOper&)";
         OHOS::Security::AccessToken::AccessTokenKit::IsSystemAppByFullTokenID*;
         OHOS::Security::AccessToken::AccessTokenKit::GetRenderTokenID*;
         "";
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
index 83590b74d..3ac795635 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_kit.cpp
@@ -37,6 +37,7 @@ static const uint64_t SYSTEM_APP_MASK = (static_cast<uint64_t>(1) << 32);
 static const uint64_t TOKEN_ID_LOWMASK = 0xffffffff;
 static const int INVALID_DLP_TOKEN_FLAG = -1;
 static const int FIRSTCALLER_TOKENID_DEFAULT = 0;
+static const int MAX_LENGTH = 256;
 } // namespace
 
 PermUsedTypeEnum AccessTokenKit::GetPermissionUsedType(
@@ -279,6 +280,14 @@ int AccessTokenKit::GetNativeTokenInfo(
     return AccessTokenManagerClient::GetInstance().GetNativeTokenInfo(tokenID, nativeTokenInfoRes);
 }
 
+int32_t AccessTokenKit::GetSelfPermissionStatus(const std::string& permissionName, PermissionOper& status)
+{
+    if (permissionName.size() == 0 || permissionName.size() > MAX_LENGTH) {
+        return ERR_PARAM_INVALID;
+    }
+    return AccessTokenManagerClient::GetInstance().GetSelfPermissionStatus(permissionName, status);
+}
+
 PermissionOper AccessTokenKit::GetSelfPermissionsState(std::vector<PermissionListState>& permList,
     PermissionGrantInfo& info)
 {
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
index 2f7a6df29..115255e44 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.cpp
@@ -149,6 +149,24 @@ int AccessTokenManagerClient::GetPermissionFlag(
     return proxy->GetPermissionFlag(tokenID, permissionName, flag);
 }
 
+int32_t AccessTokenManagerClient::GetSelfPermissionStatus(const std::string& permissionName, PermissionOper& status)
+{
+    auto proxy = GetProxy();
+    if (proxy == nullptr) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "Proxy is null.");
+        status = INVALID_OPER;
+        return AccessTokenError::ERR_SERVICE_ABNORMAL;
+    }
+    int32_t retStatus = INVALID_OPER;
+    int32_t result = proxy->GetSelfPermissionStatus(permissionName, retStatus);
+    if (result != RET_SUCCESS) {
+        return result;
+    }
+    status = static_cast<PermissionOper>(retStatus);
+    LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, retStatus);
+    return result;
+}
+
 PermissionOper AccessTokenManagerClient::GetSelfPermissionsState(std::vector<PermissionListState>& permList,
     PermissionGrantInfo& info)
 {
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
index b5a4d0984..3ed9cb786 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_client.h
@@ -59,6 +59,7 @@ public:
     int32_t SetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t status, int32_t userID);
     int32_t GetPermissionRequestToggleStatus(const std::string& permissionName, uint32_t& status, int32_t userID);
     int32_t RequestAppPermOnSetting(AccessTokenID tokenID);
+    int32_t GetSelfPermissionStatus(const std::string& permissionName, PermissionOper& status);
     PermissionOper GetSelfPermissionsState(std::vector<PermissionListState>& permList,
         PermissionGrantInfo& info);
     int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector<PermissionListState>& permList);
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
index 767678b54..84e40f97a 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.cpp
@@ -335,6 +335,31 @@ int AccessTokenManagerProxy::GetPermissionFlag(AccessTokenID tokenID, const std:
     return result;
 }
 
+int32_t AccessTokenManagerProxy::GetSelfPermissionStatus(const std::string& permissionName, int32_t& status)
+{
+    MessageParcel data;
+    if (!data.WriteInterfaceToken(IAccessTokenManager::GetDescriptor())) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "WriteInterfaceToken failed.");
+        return INVALID_OPER;
+    }
+    if (!data.WriteString(permissionName)) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "WriteString failed.");
+        return ERR_WRITE_PARCEL_FAILED;
+    }
+
+    MessageParcel reply;
+    if (!SendRequest(AccessTokenInterfaceCode::GET_SELF_PERMISSION_STATUS, data, reply)) {
+        return INVALID_OPER;
+    }
+
+    int32_t result = reply.ReadInt32();
+    if (result == RET_SUCCESS) {
+        status = reply.ReadInt32();
+    }
+    LOGI(ATM_DOMAIN, ATM_TAG, "Result from server (error=%{public}d, status=%{public}d).", result, status);
+    return result;
+}
+
 PermissionOper AccessTokenManagerProxy::GetSelfPermissionsState(std::vector<PermissionListStateParcel>& permListParcel,
     PermissionGrantInfoParcel& infoParcel)
 {
diff --git a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
index 99ff5740f..6feaea17f 100644
--- a/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
+++ b/interfaces/innerkits/accesstoken/src/accesstoken_manager_proxy.h
@@ -60,6 +60,7 @@ public:
     int RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag) override;
     int GrantPermissionForSpecifiedTime(
         AccessTokenID tokenID, const std::string& permissionName, uint32_t onceTime) override;
+    int32_t GetSelfPermissionStatus(const std::string& permissionName, int32_t& status) override;
     PermissionOper GetSelfPermissionsState(std::vector<PermissionListStateParcel>& permListParcel,
         PermissionGrantInfoParcel& infoParcel) override;
     int32_t GetPermissionsStatus(
diff --git a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn
index 1727ef9f3..d91f91d6d 100755
--- a/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn
+++ b/interfaces/innerkits/accesstoken/test/unittest/BUILD.gn
@@ -60,6 +60,7 @@ ohos_unittest("libaccesstoken_sdk_test") {
     "PermDenyTest/accesstoken_deny_test.cpp",
     "PermisionDialogTest/accesstoken_location_request_test.cpp",
     "PermisionDialogTest/get_self_permission_state_test.cpp",
+    "PermisionDialogTest/get_self_permission_status_test.cpp",
     "PermisionDialogTest/request_permission_on_setting_test.cpp",
     "PermisionDialogTest/set_perm_dialog_cap_test.cpp",
     "PermissionsTest/check_permission_map_test.cpp",
diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.cpp
new file mode 100644
index 000000000..f44bc4408
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.cpp
@@ -0,0 +1,508 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include "get_self_permission_status_test.h"
+#include "access_token_error.h"
+#include "nativetoken_kit.h"
+#include "test_common.h"
+#include "token_setproc.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+using namespace testing::ext;
+namespace {
+static const std::string TEST_BUNDLE_NAME = "ohos";
+static const int TEST_USER_ID = 0;
+static const std::string APPROXIMATELY_LOCATION_PERMISSION = "ohos.permission.APPROXIMATELY_LOCATION";
+static const std::string LOCATION_PERMISSION = "ohos.permission.LOCATION";
+
+PermissionStateFull g_permTestState1 = {
+    .permissionName = APPROXIMATELY_LOCATION_PERMISSION,
+    .isGeneral = true,
+    .resDeviceID = {"local"},
+    .grantStatus = {PermissionState::PERMISSION_DENIED},
+    .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG},
+};
+
+PermissionStateFull g_permTestState2 = {
+    .permissionName = "ohos.permission.MICROPHONE",
+    .isGeneral = true,
+    .resDeviceID = {"local"},
+    .grantStatus = {PermissionState::PERMISSION_DENIED},
+    .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
+};
+
+PermissionStateFull g_permTestState3 = {
+    .permissionName = "ohos.permission.WRITE_CALENDAR",
+    .isGeneral = true,
+    .resDeviceID = {"local"},
+    .grantStatus = {PermissionState::PERMISSION_DENIED},
+    .grantFlags = {PermissionFlag::PERMISSION_USER_FIXED}
+};
+
+PermissionStateFull g_permTestState4 = {
+    .permissionName = "ohos.permission.READ_IMAGEVIDEO",
+    .isGeneral = true,
+    .resDeviceID = {"local"},
+    .grantStatus = {PermissionState::PERMISSION_GRANTED},
+    .grantFlags = {PermissionFlag::PERMISSION_USER_SET}
+};
+
+PermissionStateFull g_permTestState5 = {
+    .permissionName = LOCATION_PERMISSION,
+    .isGeneral = true,
+    .resDeviceID = {"local"},
+    .grantStatus = {PermissionState::PERMISSION_DENIED},
+    .grantFlags = {PermissionFlag::PERMISSION_DEFAULT_FLAG},
+};
+
+HapPolicyParams g_policy = {
+    .apl = APL_NORMAL,
+    .domain = "domain",
+    .permStateList = {g_permTestState1, g_permTestState2, g_permTestState3, g_permTestState4, g_permTestState5}
+};
+
+static uint64_t g_selfTokenId = 0;
+}
+
+void GetSelfPermissionStatusTest::SetUpTestCase()
+{
+    g_selfTokenId = GetSelfTokenID();
+    TestCommon::SetTestEvironment(g_selfTokenId);
+}
+
+void GetSelfPermissionStatusTest::TearDownTestCase()
+{
+    ASSERT_EQ(RET_SUCCESS, SetSelfTokenID(g_selfTokenId));
+    TestCommon::ResetTestEvironment();
+}
+
+void GetSelfPermissionStatusTest::SetUp()
+{
+    HapInfoParams info = {
+        .userID = TEST_USER_ID,
+        .bundleName = TEST_BUNDLE_NAME,
+        .instIndex = 0,
+        .appIDDesc = "appIDDesc",
+        .apiVersion = 20 // 20: api version
+    };
+
+    AccessTokenIDEx tokenIdEx = TestCommon::AllocAndGrantHapTokenByTest(info, g_policy);
+    AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(tokenId, INVALID_TOKENID);
+    ASSERT_EQ(RET_SUCCESS, SetSelfTokenID(tokenIdEx.tokenIDEx));
+}
+
+void GetSelfPermissionStatusTest::TearDown()
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenId = tokenIdEx.tokenIdExStruct.tokenID;
+    if (tokenId != INVALID_TOKENID) {
+        EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenId));
+    }
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus001
+ * @tc.desc: default permission status
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus001, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    // default flag, user not operation
+    PermissionOper status;
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // user set DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.MICROPHONE", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // user fixed DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.WRITE_CALENDAR", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(SETTING_OPER, status);
+
+    // user set GRANTED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.READ_IMAGEVIDEO", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(PASS_OPER, status);
+
+    // not request permission CAMERA
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.CAMERA", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus002
+ * @tc.desc: forbidden permission status
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus002, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.DISABLE_PERMISSION_DIALOG");
+        MockHapToken mock("GetSelfPermissionStatus002", reqPerm, true);
+
+        HapBaseInfo hapBaseInfo = {
+            .userID = TEST_USER_ID,
+            .bundleName = TEST_BUNDLE_NAME,
+            .instIndex = 0,
+        };
+
+        ASSERT_EQ(0, AccessTokenKit::SetPermDialogCap(hapBaseInfo, true));
+    }
+
+    // default flag, user not operation
+    PermissionOper status;
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(FORBIDDEN_OPER, status);
+
+    // user set DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.MICROPHONE", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(FORBIDDEN_OPER, status);
+
+    // user fixed DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.WRITE_CALENDAR", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(FORBIDDEN_OPER, status);
+
+    // user set GRANTED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.READ_IMAGEVIDEO", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(FORBIDDEN_OPER, status);
+
+    // not request permission CAMERA
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.CAMERA", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus003
+ * @tc.desc: grant permission status
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus003, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus003", reqPerm, true);
+
+        // grant user set
+        ASSERT_EQ(0, AccessTokenKit::GrantPermission(tokenID, APPROXIMATELY_LOCATION_PERMISSION, PERMISSION_USER_SET));
+    }
+
+    // grant permission
+    PermissionOper status;
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(PASS_OPER, status);
+
+    // user set DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.MICROPHONE", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // user fixed DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.WRITE_CALENDAR", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(SETTING_OPER, status);
+
+    // user set GRANTED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.READ_IMAGEVIDEO", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(PASS_OPER, status);
+
+    // not request permission CAMERA
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.CAMERA", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus004
+ * @tc.desc: revoke user set permission status
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus004, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus004", reqPerm, true);
+
+        // revoke user set
+        ASSERT_EQ(0, AccessTokenKit::RevokePermission(tokenID, "ohos.permission.READ_IMAGEVIDEO", PERMISSION_USER_SET));
+    }
+
+    // default flag, user not operation
+    PermissionOper status;
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // user set DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.MICROPHONE", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // user fixed DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.WRITE_CALENDAR", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(SETTING_OPER, status);
+
+    // revoke user set
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.READ_IMAGEVIDEO", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // not request permission CAMERA
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.CAMERA", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus005
+ * @tc.desc: revoke user fixed permission status
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus005, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus005", reqPerm, true);
+
+        // revoke user fixed
+        ASSERT_EQ(0,
+            AccessTokenKit::RevokePermission(tokenID, "ohos.permission.READ_IMAGEVIDEO", PERMISSION_USER_FIXED));
+    }
+
+    // default flag, user not operation
+    PermissionOper status;
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // user set DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.MICROPHONE", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // user fixed DENIED
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.WRITE_CALENDAR", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(SETTING_OPER, status);
+
+    // revoke user fixed
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.READ_IMAGEVIDEO", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(SETTING_OPER, status);
+
+    // not request permission CAMERA
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.CAMERA", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus006
+ * @tc.desc: invalid permission
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus006, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    PermissionOper status;
+    // invalid permission
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.TTTTT", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+
+    // not request permission
+    ret = AccessTokenKit::GetSelfPermissionStatus("ohos.permission.ACCESS_NEARLINK", status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+
+    // empty permission
+    std::string testPerm1;
+    ret = AccessTokenKit::GetSelfPermissionStatus(testPerm1, status);
+    EXPECT_EQ(ERR_PARAM_INVALID, ret);
+
+    // oversize permission
+    std::string testPerm2(257, 'a');
+    ret = AccessTokenKit::GetSelfPermissionStatus(testPerm2, status);
+    EXPECT_EQ(ERR_PARAM_INVALID, ret);
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus007
+ * @tc.desc: location permission test
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus007, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    // default flag, user not operation
+    PermissionOper status;
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    // APPROXIMATELY_LOCATION not set, LOCATION status is INVALID_OPER
+    ret = AccessTokenKit::GetSelfPermissionStatus(LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(INVALID_OPER, status);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus0071", reqPerm, true);
+
+        // grant user set
+        ASSERT_EQ(0, AccessTokenKit::GrantPermission(tokenID, APPROXIMATELY_LOCATION_PERMISSION, PERMISSION_USER_SET));
+    }
+
+    // grant permission
+    ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(PASS_OPER, status);
+
+    // APPROXIMATELY_LOCATION already set, LOCATION status is DYNAMIC_OPER
+    ret = AccessTokenKit::GetSelfPermissionStatus(LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus0072", reqPerm, true);
+
+        // grant user set
+        ASSERT_EQ(0, AccessTokenKit::GrantPermission(tokenID, LOCATION_PERMISSION, PERMISSION_USER_SET));
+    }
+
+    // grant permission
+    ret = AccessTokenKit::GetSelfPermissionStatus(LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(PASS_OPER, status);
+}
+
+/**
+ * @tc.name: GetSelfPermissionStatus008
+ * @tc.desc: only change flag
+ * @tc.type: FUNC
+ * @tc.require: Issue Number
+ */
+HWTEST_F(GetSelfPermissionStatusTest, GetSelfPermissionStatus008, TestSize.Level1)
+{
+    AccessTokenIDEx tokenIdEx = TestCommon::GetHapTokenIdFromBundle(TEST_USER_ID, TEST_BUNDLE_NAME, 0);
+    AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(INVALID_TOKENID, tokenID);
+
+    // default flag, user not operation
+    PermissionOper status;
+    int32_t ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.GRANT_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus0081", reqPerm, true);
+
+        // grant user set
+        ASSERT_EQ(0, AccessTokenKit::GrantPermission(tokenID, APPROXIMATELY_LOCATION_PERMISSION, PERMISSION_USER_SET));
+    }
+
+    // grant permission
+    ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(PASS_OPER, status);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus0082", reqPerm, true);
+
+        // revoke user fixed
+        ASSERT_EQ(0, AccessTokenKit::RevokePermission(
+            tokenID, APPROXIMATELY_LOCATION_PERMISSION, PERMISSION_USER_FIXED));
+    }
+
+    // revoke permission
+    ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(SETTING_OPER, status);
+
+    {
+        std::vector<std::string> reqPerm;
+        reqPerm.emplace_back("ohos.permission.REVOKE_SENSITIVE_PERMISSIONS");
+        MockHapToken mock("GetSelfPermissionStatus0083", reqPerm, true);
+
+        // revoke to default flag
+        ASSERT_EQ(0, AccessTokenKit::RevokePermission(
+            tokenID, APPROXIMATELY_LOCATION_PERMISSION, PERMISSION_DEFAULT_FLAG));
+    }
+
+    ret = AccessTokenKit::GetSelfPermissionStatus(APPROXIMATELY_LOCATION_PERMISSION, status);
+    EXPECT_EQ(RET_SUCCESS, ret);
+    EXPECT_EQ(DYNAMIC_OPER, status);
+}
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
diff --git a/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.h b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.h
new file mode 100644
index 000000000..58ee97f3e
--- /dev/null
+++ b/interfaces/innerkits/accesstoken/test/unittest/PermisionDialogTest/get_self_permission_status_test.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef GET_SELF_PERMISSION_STATUS_TEST_H
+#define GET_SELF_PERMISSION_STATUS_TEST_H
+
+#include <gtest/gtest.h>
+
+#include "access_token.h"
+#include "accesstoken_kit.h"
+#include "permission_def.h"
+#include "permission_state_full.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+class GetSelfPermissionStatusTest : public testing::Test {
+public:
+    static void SetUpTestCase();
+    static void TearDownTestCase();
+    void SetUp();
+    void TearDown();
+    unsigned int GetAccessTokenID(int userID, std::string bundleName, int instIndex);
+    AccessTokenID AllocTestToken(const HapInfoParams& hapInfo, const HapPolicyParams& hapPolicy) const;
+    void DeleteTestToken() const;
+};
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
+#endif // GET_SELF_PERMISSION_STATUS_TEST_H
diff --git a/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.cpp
index 1678ab82f..6d919b20c 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.cpp
+++ b/interfaces/innerkits/accesstoken/test/unittest/ProxyMockTest/accesstoken_mock_test.cpp
@@ -341,6 +341,19 @@ HWTEST_F(AccessTokenMockTest, GetPermissionRequestToggleStatus001, TestSize.Leve
         status, userID));
 }
 
+/**
+ * @tc.name: GetSelfPermissionStatus001
+ * @tc.desc: GetSelfPermissionStatus with proxy is null
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(AccessTokenMockTest, GetSelfPermissionStatus001, TestSize.Level1)
+{
+    std::string permission = "ohos.permission.CAMERA";
+    PermissionOper status;
+    ASSERT_EQ(AccessTokenError::ERR_SERVICE_ABNORMAL, AccessTokenKit::GetSelfPermissionStatus(permission, status));
+}
+
 /**
  * @tc.name: GetSelfPermissionsState001
  * @tc.desc: GetSelfPermissionsState with proxy is null
diff --git a/interfaces/kits/cj/accesstoken/include/at_manager_impl.h b/interfaces/kits/cj/accesstoken/include/at_manager_impl.h
index 512f66d93..96e92dae8 100644
--- a/interfaces/kits/cj/accesstoken/include/at_manager_impl.h
+++ b/interfaces/kits/cj/accesstoken/include/at_manager_impl.h
@@ -57,7 +57,7 @@ const int AT_PERM_OPERA_FAIL = -1;
 const int AT_PERM_OPERA_SUCC = 0;
 const int32_t PARAM_DEFAULT_VALUE = -1;
 
-struct PermissionStatusCache {
+struct GrantStatusCache {
     int32_t status;
     std::string paramValue;
 };
diff --git a/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp b/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp
index 6cf2e6c12..9165560ce 100644
--- a/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp
+++ b/interfaces/kits/cj/accesstoken/src/at_manager_impl.cpp
@@ -33,7 +33,7 @@ namespace CJSystemapi {
 std::mutex g_lockForPermStateChangeRegisters;
 std::vector<RegisterPermStateChangeInfo*> g_permStateChangeRegisters;
 std::mutex g_lockCache;
-std::map<std::string, PermissionStatusCache> g_cache;
+std::map<std::string, GrantStatusCache> g_cache;
 static PermissionParamCache g_paramCache;
 std::mutex g_lockForPermRequestCallbacks;
 static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change";
diff --git a/interfaces/kits/js/napi/accesstoken/include/napi_atmanager.h b/interfaces/kits/js/napi/accesstoken/include/napi_atmanager.h
index d36729b27..5545ecaa2 100644
--- a/interfaces/kits/js/napi/accesstoken/include/napi_atmanager.h
+++ b/interfaces/kits/js/napi/accesstoken/include/napi_atmanager.h
@@ -93,13 +93,19 @@ struct AtManagerSyncContext {
     std::string permissionName;
     int32_t result = RET_FAILED;
     int32_t errorCode = 0;
+    PermissionOper permissionsState = PermissionOper::INVALID_OPER;
 };
 
-struct PermissionStatusCache {
+struct GrantStatusCache {
     int32_t status;
     std::string paramValue;
 };
 
+struct PermissionStatusCache {
+    PermissionOper status;
+    std::string paramValue;
+};
+
 struct PermissionParamCache {
     long long sysCommitIdCache = PARAM_DEFAULT_VALUE;
     int32_t commitIdCache = PARAM_DEFAULT_VALUE;
@@ -124,6 +130,7 @@ private:
     static napi_value SetPermissionRequestToggleStatus(napi_env env, napi_callback_info info);
     static napi_value GetPermissionRequestToggleStatus(napi_env env, napi_callback_info info);
     static napi_value RequestAppPermOnSetting(napi_env env, napi_callback_info info);
+    static napi_value GetSelfPermissionStatusSync(napi_env env, napi_callback_info info);
 
     static bool ParseInputVerifyPermissionOrGetFlag(const napi_env env, const napi_callback_info info,
         AtManagerAsyncContext& asyncContext);
@@ -133,6 +140,8 @@ private:
         AtManagerAsyncContext& asyncContext);
     static bool ParseInputGetToggleStatus(const napi_env env, const napi_callback_info info,
         AtManagerAsyncContext& asyncContext);
+    static bool ParseInputGetPermStatus(const napi_env env, const napi_callback_info info,
+        AtManagerSyncContext& syncContext);
     static void VerifyAccessTokenExecute(napi_env env, void *data);
     static void VerifyAccessTokenComplete(napi_env env, napi_status status, void *data);
     static void CheckAccessTokenExecute(napi_env env, void* data);
@@ -172,7 +181,7 @@ private:
         std::vector<RegisterPermStateChangeInfo*>& batchPermStateChangeRegisters, const napi_env env);
     static void DeleteRegisterFromVector(const PermStateChangeScope& scopeInfo, const napi_env env,
         napi_ref subscriberRef);
-    static std::string GetPermParamValue();
+    static std::string GetPermParamValue(PermissionParamCache& paramCache, const char* paramKey);
     static void UpdatePermissionCache(AtManagerSyncContext* syncContext);
 };
 } // namespace AccessToken
diff --git a/services/accesstokenmanager/etc/access_token.para b/services/accesstokenmanager/etc/access_token.para
index c9f7458a9..27ad49588 100644
--- a/services/accesstokenmanager/etc/access_token.para
+++ b/services/accesstokenmanager/etc/access_token.para
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Copyright (c) 2022-2025 Huawei Device Co., Ltd.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -13,4 +13,5 @@
 
 
 accesstoken.permission.change = 0
-accesstoken.permission.init = 0
\ No newline at end of file
+accesstoken.permission.init = 0
+accesstoken.permission.flagchange = 0
\ No newline at end of file
diff --git a/services/accesstokenmanager/etc/access_token.para.dac b/services/accesstokenmanager/etc/access_token.para.dac
index 33de56a3e..15b0be5d2 100644
--- a/services/accesstokenmanager/etc/access_token.para.dac
+++ b/services/accesstokenmanager/etc/access_token.para.dac
@@ -1,4 +1,4 @@
-# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Copyright (c) 2022-2025 Huawei Device Co., Ltd.
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
@@ -13,3 +13,4 @@
 
 accesstoken.permission.change="access_token:access_token:0774"
 accesstoken.permission.init="access_token:access_token:0774"
+accesstoken.permission.flagchange="access_token:access_token:0774"
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
index e0b4eb58c..7f883da0d 100644
--- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
+++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
@@ -83,6 +83,7 @@ public:
         std::vector<PermissionStatus>& permsList, int32_t apiVersion);
     void NotifyPermGrantStoreResult(bool result, uint64_t timestamp);
     void ParamUpdate(const std::string& permissionName, uint32_t flag, bool filtered);
+    void ParamFlagUpdate();
     void NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName,
         bool isGranted, uint32_t flag, const std::shared_ptr<HapTokenInfoInner>& infoPtr);
     void AddNativePermToKernel(
@@ -123,6 +124,9 @@ private:
     OHOS::Utils::RWLock permParamSetLock_;
     uint64_t paramValue_ = 0;
 
+    OHOS::Utils::RWLock permFlagParamSetLock_;
+    uint64_t paramFlagValue_ = 0;
+
     OHOS::Utils::RWLock permToggleStateLock_;
     DISALLOW_COPY_AND_MOVE(PermissionManager);
 
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
index befb3df1b..3f10dbd49 100644
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
+++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
@@ -56,6 +56,7 @@ public:
     int GetDefPermission(const std::string& permissionName, PermissionDefParcel& permissionDefResult) override;
     int GetReqPermissions(
         AccessTokenID tokenID, std::vector<PermissionStatusParcel>& reqPermList, bool isSystemGrant) override;
+    int32_t GetSelfPermissionStatus(const std::string& permissionName, int32_t& status) override;
     PermissionOper GetSelfPermissionsState(std::vector<PermissionListStateParcel>& reqPermList,
         PermissionGrantInfoParcel& infoParcel) override;
     int32_t GetPermissionsStatus(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList) override;
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h
index 03647a2e5..e86803546 100644
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h
+++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_stub.h
@@ -39,6 +39,7 @@ private:
     void VerifyAccessTokenWithListInner(MessageParcel& data, MessageParcel& reply);
     void GetDefPermissionInner(MessageParcel& data, MessageParcel& reply);
     void GetReqPermissionsInner(MessageParcel& data, MessageParcel& reply);
+    void GetSelfPermissionStatusInner(MessageParcel& data, MessageParcel& reply);
     void GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply);
     void GetPermissionsStatusInner(MessageParcel& data, MessageParcel& reply);
     void GetPermissionFlagInner(MessageParcel& data, MessageParcel& reply);
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
index 30d1882b3..853e5931b 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
@@ -49,6 +49,7 @@ namespace Security {
 namespace AccessToken {
 namespace {
 static const char* PERMISSION_STATUS_CHANGE_KEY = "accesstoken.permission.change";
+static const char* PERMISSION_STATUS_FLAG_CHANGE_KEY = "accesstoken.permission.flagchange";
 static constexpr int32_t VALUE_MAX_LEN = 32;
 static const std::vector<std::string> g_notDisplayedPerms = {
     "ohos.permission.ANSWER_CALL",
@@ -92,8 +93,18 @@ PermissionManager::PermissionManager()
         LOGE(ATM_DOMAIN, ATM_TAG, "Return default value, ret=%{public}d", ret);
         paramValue_ = 0;
         return;
+    } else {
+        paramValue_ = static_cast<uint64_t>(std::atoll(value));
     }
-    paramValue_ = static_cast<uint64_t>(std::atoll(value));
+
+    char flagValue[VALUE_MAX_LEN] = {0};
+    ret = GetParameter(PERMISSION_STATUS_FLAG_CHANGE_KEY, "", flagValue, VALUE_MAX_LEN - 1);
+    if (ret < 0) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "Return default flag value, ret=%{public}d", ret);
+        paramFlagValue_ = 0;
+        return;
+    }
+    paramFlagValue_ = static_cast<uint64_t>(std::atoll(flagValue));
 }
 
 PermissionManager::~PermissionManager()
@@ -317,6 +328,18 @@ void PermissionManager::ParamUpdate(const std::string& permissionName, uint32_t
     }
 }
 
+void PermissionManager::ParamFlagUpdate()
+{
+    Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->permFlagParamSetLock_);
+    paramFlagValue_++;
+    LOGD(ATM_DOMAIN, ATM_TAG,
+        "paramFlagValue_ change %{public}llu", static_cast<unsigned long long>(paramFlagValue_));
+    int32_t res = SetParameter(PERMISSION_STATUS_FLAG_CHANGE_KEY, std::to_string(paramFlagValue_).c_str());
+    if (res != 0) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "SetParameter failed %{public}d", res);
+    }
+}
+
 void PermissionManager::NotifyWhenPermissionStateUpdated(AccessTokenID tokenID, const std::string& permissionName,
     bool isGranted, uint32_t flag, const std::shared_ptr<HapTokenInfoInner>& infoPtr)
 {
@@ -365,6 +388,10 @@ int32_t PermissionManager::UpdateTokenPermissionState(
             "INT_VAL2", static_cast<int32_t>(flag), "NEED_KILL", needKill);
         return ret;
     }
+
+    // notify flag change
+    ParamFlagUpdate();
+
     if (statusChanged) {
         NotifyWhenPermissionStateUpdated(id, permission, isGranted, flag, infoPtr);
         // To notify kill process when perm is revoke
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
index ff56b39dd..677d2d28a 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
@@ -221,6 +221,18 @@ int AccessTokenManagerService::GetReqPermissions(
     return ret;
 }
 
+int32_t AccessTokenManagerService::GetSelfPermissionStatus(const std::string& permissionName, int32_t& status)
+{
+    AccessTokenID callingTokenID = IPCSkeleton::GetCallingTokenID();
+    PermissionListStateParcel parcel;
+    parcel.permsState.permissionName = permissionName;
+    parcel.permsState.state = INVALID_OPER;
+    std::vector<PermissionListStateParcel> list{parcel};
+    GetPermissionsState(callingTokenID, list);
+    status = static_cast<int32_t>(list[0].permsState.state);
+    return ERR_OK;
+}
+
 PermissionOper AccessTokenManagerService::GetSelfPermissionsState(std::vector<PermissionListStateParcel>& reqPermList,
     PermissionGrantInfoParcel& infoParcel)
 {
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
index 9271dc038..d9767ca5e 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
@@ -204,6 +204,24 @@ void AccessTokenManagerStub::GetReqPermissionsInner(MessageParcel& data, Message
     }
 }
 
+void AccessTokenManagerStub::GetSelfPermissionStatusInner(MessageParcel& data, MessageParcel& reply)
+{
+    std::string permissionName;
+    if (!data.ReadString(permissionName)) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "ReadString fail");
+        reply.WriteInt32(AccessTokenError::ERR_READ_PARCEL_FAILED);
+        return;
+    }
+
+    int32_t status;
+    int32_t result = this->GetSelfPermissionStatus(permissionName, status);
+    IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(result), "WriteInt32 failed.");
+    if (result != RET_SUCCESS) {
+        return;
+    }
+    IF_FALSE_RETURN_LOG(ATM_DOMAIN, ATM_TAG, reply.WriteInt32(status), "WriteInt32 failed.");
+}
+
 void AccessTokenManagerStub::GetSelfPermissionsStateInner(MessageParcel& data, MessageParcel& reply)
 {
     std::vector<PermissionListStateParcel> permList;
@@ -1289,6 +1307,8 @@ void AccessTokenManagerStub::SetPermissionOpFuncInMap()
         &AccessTokenManagerStub::GrantPermissionForSpecifiedTimeInner;
     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::CLEAR_USER_GRANT_PERMISSION)] =
         &AccessTokenManagerStub::ClearUserGrantedPermissionStateInner;
+    requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_SELF_PERMISSION_STATUS)] =
+        &AccessTokenManagerStub::GetSelfPermissionStatusInner;
     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSION_OPER_STATE)] =
         &AccessTokenManagerStub::GetSelfPermissionsStateInner;
     requestFuncMap_[static_cast<uint32_t>(AccessTokenInterfaceCode::GET_PERMISSIONS_STATUS)] =
diff --git a/test/fuzztest/innerkits/accesstoken/BUILD.gn b/test/fuzztest/innerkits/accesstoken/BUILD.gn
index 8b1334097..6ebac1ef1 100644
--- a/test/fuzztest/innerkits/accesstoken/BUILD.gn
+++ b/test/fuzztest/innerkits/accesstoken/BUILD.gn
@@ -40,6 +40,7 @@ group("fuzztest") {
     "getrendertokenid_fuzzer:GetRenderTokenIdFuzzTest",
     "getreqpermissions_fuzzer:GetReqPermissionsFuzzTest",
     "getselfpermissionsstate_fuzzer:GetSelfPermissionsStateFuzzTest",
+    "getselfpermissionstatus_fuzzer:GetSelfPermissionStatusFuzzTest",
     "gettokenidbyuserid_fuzzer:GetTokenIDByUserIDFuzzTest",
     "gettokentype_fuzzer:GetTokenTypeFuzzTest",
     "gettokentypeflag_fuzzer:GetTokenTypeFlagFuzzTest",
diff --git a/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/BUILD.gn b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/BUILD.gn
new file mode 100644
index 000000000..2968c428b
--- /dev/null
+++ b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/BUILD.gn
@@ -0,0 +1,42 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("../../../../../access_token.gni")
+
+ohos_fuzztest("GetSelfPermissionStatusFuzzTest") {
+  module_out_path = module_output_path_interface_access_token
+  fuzz_config_file = "."
+  include_dirs = [
+    "${access_token_path}/interfaces/innerkits/accesstoken/include",
+    "${access_token_path}/test/fuzztest/common",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "getselfpermissionstatus_fuzzer.cpp" ]
+  deps = [
+    "${access_token_path}/interfaces/innerkits/accesstoken:libaccesstoken_sdk",
+  ]
+
+  configs = [ "${access_token_path}/config:coverage_flags" ]
+
+  external_deps = [
+    "c_utils:utils",
+    "hilog:libhilog",
+  ]
+}
diff --git a/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/corpus/init b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/corpus/init
new file mode 100644
index 000000000..8f37f0925
--- /dev/null
+++ b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/corpus/init
@@ -0,0 +1,13 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.cpp b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.cpp
new file mode 100644
index 000000000..a9b21bd23
--- /dev/null
+++ b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.cpp
@@ -0,0 +1,50 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "getselfpermissionstatus_fuzzer.h"
+
+#include <string>
+#include <vector>
+#include <thread>
+#include "accesstoken_fuzzdata.h"
+#undef private
+#include "accesstoken_kit.h"
+
+using namespace std;
+using namespace OHOS::Security::AccessToken;
+
+namespace OHOS {
+    bool GetSelfPermissionStatusFuzzTest(const uint8_t* data, size_t size)
+    {
+        if ((data == nullptr) || (size == 0)) {
+            return false;
+        }
+
+        AccessTokenFuzzData fuzzData(data, size);
+        std::string permissionName = fuzzData.GenerateStochasticString();
+        PermissionOper status;
+
+        AccessTokenKit::GetSelfPermissionStatus(permissionName, status);
+        return true;
+    }
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::GetSelfPermissionStatusFuzzTest(data, size);
+    return 0;
+}
diff --git a/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.h b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.h
new file mode 100644
index 000000000..46854bbce
--- /dev/null
+++ b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/getselfpermissionstatus_fuzzer.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_FUZZTEST_GETSELFPERMISSIONSTATUS_FUZZER_H
+#define TEST_FUZZTEST_GETSELFPERMISSIONSTATUS_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "getselfpermissionstatus_fuzzer"
+
+#include <climits>
+#include <cstdlib>
+#include <cstdint>
+#include <cstdio>
+#include <fcntl.h>
+#include <unistd.h>
+
+#endif // TEST_FUZZTEST_GETSELFPERMISSIONSTATUS_FUZZER_H
\ No newline at end of file
diff --git a/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/project.xml b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/project.xml
new file mode 100644
index 000000000..66e1dcac4
--- /dev/null
+++ b/test/fuzztest/innerkits/accesstoken/getselfpermissionstatus_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2025 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/services/accesstoken/BUILD.gn b/test/fuzztest/services/accesstoken/BUILD.gn
index 99767dcd1..ef172e338 100644
--- a/test/fuzztest/services/accesstoken/BUILD.gn
+++ b/test/fuzztest/services/accesstoken/BUILD.gn
@@ -39,6 +39,7 @@ group("fuzztest") {
     "getreqpermissionbynamestub_fuzzer:GetReqPermissionByNameStubFuzzTest",
     "getreqpermissionsstub_fuzzer:GetReqPermissionsStubFuzzTest",
     "getselfpermissionsstatestub_fuzzer:GetSelfPermissionsStateStubFuzzTest",
+    "getselfpermissionstatusstub_fuzzer:GetSelfPermissionStatusStubFuzzTest",
     "gettokenidbyuseridstub_fuzzer:GetTokenIDByUserIDStubFuzzTest",
     "gettokentypestub_fuzzer:GetTokenTypeStubFuzzTest",
     "grantpermissionforspecifiedtimestub_fuzzer:GrantPermissionForSpecifiedTimeStubFuzzTest",
diff --git a/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/BUILD.gn b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/BUILD.gn
new file mode 100644
index 000000000..bd6650c9d
--- /dev/null
+++ b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/BUILD.gn
@@ -0,0 +1,47 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+import("../../../../../access_token.gni")
+import("../access_token_service_fuzz.gni")
+
+ohos_fuzztest("GetSelfPermissionStatusStubFuzzTest") {
+  module_out_path = module_output_path_service_access_token
+  fuzz_config_file = "."
+
+  sources = [ "getselfpermissionstatusstub_fuzzer.cpp" ]
+
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+
+  include_dirs = access_token_include_dirs
+
+  deps = access_token_deps
+
+  configs = [ "${access_token_path}/config:coverage_flags" ]
+
+  external_deps = access_token_external_deps
+
+  include_dirs += access_token_impl_include_dirs
+
+  cflags_cc = access_token_cflags_cc
+
+  sources += access_token_sources
+
+  sources += access_token_impl_sources
+}
diff --git a/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/corpus/init b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/corpus/init
new file mode 100644
index 000000000..65af8ee8d
--- /dev/null
+++ b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/corpus/init
@@ -0,0 +1,14 @@
+# Copyright (c) 2025 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.cpp
new file mode 100644
index 000000000..0b09e66f1
--- /dev/null
+++ b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.cpp
@@ -0,0 +1,60 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "getselfpermissionstatusstub_fuzzer.h"
+
+#include <string>
+#include <thread>
+#include <vector>
+#undef private
+#include "accesstoken_fuzzdata.h"
+#include "accesstoken_manager_service.h"
+#include "i_accesstoken_manager.h"
+
+using namespace std;
+using namespace OHOS;
+using namespace OHOS::Security::AccessToken;
+
+namespace OHOS {
+    bool GetSelfPermissionStatusStubFuzzTest(const uint8_t* data, size_t size)
+    {
+        if ((data == nullptr) || (size == 0)) {
+            return false;
+        }
+        AccessTokenFuzzData fuzzData(data, size);
+        std::string permissionName = fuzzData.GenerateStochasticString();
+        MessageParcel datas;
+        datas.WriteInterfaceToken(IAccessTokenManager::GetDescriptor());
+        if (!datas.WriteString(permissionName)) {
+            return false;
+        }
+
+        uint32_t code = static_cast<uint32_t>(
+            AccessTokenInterfaceCode::GET_SELF_PERMISSION_STATUS);
+        MessageParcel reply;
+        MessageOption option;
+        DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
+        return true;
+    }
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::GetSelfPermissionStatusStubFuzzTest(data, size);
+    return 0;
+}
+ 
diff --git a/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.h b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.h
new file mode 100644
index 000000000..6c3de023f
--- /dev/null
+++ b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/getselfpermissionstatusstub_fuzzer.h
@@ -0,0 +1,21 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_FUZZTEST_GETSELFPERMISSIONSTATUSSTUB_FUZZER_H
+#define TEST_FUZZTEST_GETSELFPERMISSIONSTATUSSTUB_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "getselfpermissionstatusstub_fuzzer"
+
+#endif // TEST_FUZZTEST_GETSELFPERMISSIONSTATUSSTUB_FUZZER_H
diff --git a/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/project.xml b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/project.xml
new file mode 100644
index 000000000..66e1dcac4
--- /dev/null
+++ b/test/fuzztest/services/accesstoken/getselfpermissionstatusstub_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2025 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
-- 
Gitee