diff --git a/frameworks/common/BUILD.gn b/frameworks/common/BUILD.gn
index d8c90e81738de09e554829011cc951566b14e331..a970dab5e96e4b78e01eb02f635c1cee0d5dd02a 100644
--- a/frameworks/common/BUILD.gn
+++ b/frameworks/common/BUILD.gn
@@ -21,6 +21,8 @@ config("accesstoken_common_cxx_public_config") {
 
 action("permission_definition_parse") {
   script = "permission_definition_parser.py"
+  inputs = [ rebase_path("${access_token_path}") +
+             "/services/accesstokenmanager/permission_definitions.json" ]
   args = [
     "--input-json",
     rebase_path("${access_token_path}") +
@@ -31,6 +33,35 @@ action("permission_definition_parse") {
   outputs = [ "$target_out_dir" ]
 }
 
+ohos_static_library("accesstoken_static_log") {
+  subsystem_name = "security"
+  part_name = "access_token"
+  sanitize = {
+    cfi = true
+    cfi_cross_dso = true
+    debug = false
+  }
+  branch_protector_ret = "pac_ret"
+
+  public_configs = [ ":accesstoken_common_cxx_public_config" ]
+
+  include_dirs = [ "include" ]
+
+  sources = [ "src/accesstoken_common_log.cpp" ]
+
+  external_deps = [
+    "c_utils:utils",
+    "hilog:libhilog",
+  ]
+
+  configs = [
+    "${access_token_path}/config:access_token_compile_flags",
+    "${access_token_path}/config:coverage_flags",
+  ]
+
+  cflags_cc = [ "-DHILOG_ENABLE" ]
+}
+
 ohos_shared_library("accesstoken_common_cxx") {
   subsystem_name = "security"
   innerapi_tags = [
@@ -61,7 +92,10 @@ ohos_shared_library("accesstoken_common_cxx") {
     "src/time_util.cpp",
   ]
 
-  deps = [ ":permission_definition_parse" ]
+  deps = [
+    ":accesstoken_static_log",
+    ":permission_definition_parse",
+  ]
   external_deps = [
     "c_utils:utils",
     "hilog:libhilog",
diff --git a/frameworks/common/include/accesstoken_common_log.h b/frameworks/common/include/accesstoken_common_log.h
index 634f533a0655ba177f4053083db6556dc794ad80..3286f0bc371a09bfe0a54e3dda6b6730a8ca7dc5 100644
--- a/frameworks/common/include/accesstoken_common_log.h
+++ b/frameworks/common/include/accesstoken_common_log.h
@@ -16,6 +16,7 @@
 #ifndef ACCESSTOKEN_COMMON_LOG_H
 #define ACCESSTOKEN_COMMON_LOG_H
 
+#include <stdint.h>
 #include "hilog/log.h"
 
 #define ATM_DOMAIN 0xD005A01
@@ -24,9 +25,11 @@
 #define PRI_DOMAIN 0xD005A02
 #define PRI_TAG "PRIVACY"
 
+#define LOG_PUBLIC "{public}"
+
 #define LOGF(domain, tag, fmt, ...)            \
     ((void)HILOG_IMPL(LOG_CORE, LOG_FATAL, domain, tag, \
-    "[%{upblic}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__))
+    "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__))
 #define LOGE(domain, tag, fmt, ...)            \
     ((void)HILOG_IMPL(LOG_CORE, LOG_ERROR, domain, tag, \
     "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__))
@@ -40,6 +43,25 @@
     ((void)HILOG_IMPL(LOG_CORE, LOG_DEBUG, domain, tag, \
     "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__))
 
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+uint32_t GetThreadErrorMsgLen(void);
+const char *GetThreadErrorMsg(void);
+void ClearThreadErrorMsg(void);
+void AddEventMessage(unsigned int domain, const char *tag, const char *format, ...);
+}
+}
+}
+
+#define LOGC(domain, tag, fmt, ...)            \
+do { \
+    ((void)HILOG_IMPL(LOG_CORE, LOG_ERROR, domain, tag, \
+    "[%{public}s:%{public}d]" fmt, __FUNCTION__, __LINE__, ##__VA_ARGS__)); \
+    OHOS::Security::AccessToken::AddEventMessage(domain, tag, \
+        "%" LOG_PUBLIC "s[%" LOG_PUBLIC "u]: " fmt, __func__, __LINE__, ##__VA_ARGS__); \
+} while (0)
+
 #define IF_FALSE_PRINT_LOG(domain, tag, cond, fmt, ...) \
     do { \
         if (!(cond)) { \
diff --git a/frameworks/common/src/accesstoken_common_log.cpp b/frameworks/common/src/accesstoken_common_log.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..47f6fa8e8bc1331f97881b66acc1578510305d34
--- /dev/null
+++ b/frameworks/common/src/accesstoken_common_log.cpp
@@ -0,0 +1,132 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *    http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "accesstoken_common_log.h"
+
+#include <cstdlib>
+#include <cstdio>
+#include <cstdarg>
+#include <cstdint>
+#include <cstring>
+#include <string>
+#include "securec.h"
+
+namespace OHOS {
+namespace Security {
+namespace AccessToken {
+
+constexpr uint32_t MAX_ERROR_MESSAGE_LEN = 4096;
+static __thread uint32_t g_msgLen = 0;
+static __thread char g_errMsg[MAX_ERROR_MESSAGE_LEN + 1];
+
+uint32_t GetThreadErrorMsgLen(void)
+{
+    return g_msgLen;
+}
+
+const char *GetThreadErrorMsg(void)
+{
+    return g_errMsg;
+}
+
+void ClearThreadErrorMsg(void)
+{
+    (void)memset_s(g_errMsg, MAX_ERROR_MESSAGE_LEN + 1, 0, MAX_ERROR_MESSAGE_LEN + 1);
+    g_msgLen = 0;
+}
+
+void AppendThreadErrMsg(unsigned int domain, const char *tag,
+    const uint8_t *buff, uint32_t buffLen)
+{
+    if (g_msgLen + buffLen >= MAX_ERROR_MESSAGE_LEN) {
+        LOGE(domain, tag, "buff will overflow!"
+            "g_msgLen = %{public}u, buffLen = %{public}u", g_msgLen, buffLen);
+        return;
+    }
+    if (memcpy_s(g_errMsg + g_msgLen, MAX_ERROR_MESSAGE_LEN - g_msgLen, buff, buffLen) != EOK) {
+        LOGE(domain, tag, "memcpy_s fail!"
+            "g_msgLen = %{public}u, buffLen = %{public}u", g_msgLen, buffLen);
+        return;
+    }
+    g_msgLen += buffLen;
+}
+
+static bool ReplaceSubstring(unsigned int domain, const char *tag,
+    const char *format, char result[MAX_ERROR_MESSAGE_LEN])
+{
+    std::string formatString(format);
+    std::string::size_type pos;
+    while ((pos = formatString.find(LOG_PUBLIC)) != std::string::npos) {
+        formatString.replace(pos, strlen(LOG_PUBLIC), "");
+    }
+    if (memcpy_s(result, MAX_ERROR_MESSAGE_LEN, formatString.c_str(), formatString.size()) != EOK) {
+        return false;
+    }
+    return true;
+}
+
+void AddEventMessage(unsigned int domain, const char *tag,
+    const char *format, ...)
+{
+    va_list ap;
+
+    if (g_msgLen == 0) {
+        char newFormat[MAX_ERROR_MESSAGE_LEN] = {0};
+        if (!ReplaceSubstring(domain, tag, format, newFormat)) {
+            LOGE(domain, tag, "skip to add errMsg");
+            return;
+        }
+        va_start(ap, format);
+        char buff[MAX_ERROR_MESSAGE_LEN] = {0};
+        int32_t buffLen = vsnprintf_s(buff, MAX_ERROR_MESSAGE_LEN, MAX_ERROR_MESSAGE_LEN - 1, newFormat, ap);
+        va_end(ap);
+        if (buffLen < 0) {
+            LOGE(domain, tag, "vsnprintf_s fail! ret: %{public}d, newFormat:[%{public}s]", buffLen,
+                newFormat);
+            return;
+        }
+        if (g_msgLen + static_cast<uint32_t>(buffLen) >= MAX_ERROR_MESSAGE_LEN) {
+            LOGE(domain, tag, "errMsg is almost full!");
+            return;
+        }
+
+        if (memcpy_s(g_errMsg + g_msgLen, MAX_ERROR_MESSAGE_LEN, buff, buffLen) != EOK) {
+            LOGE(domain, tag, "copy errMsg buff fail!");
+            return;
+        }
+        g_msgLen += static_cast<uint32_t>(buffLen);
+    } else {
+        va_start(ap, format);
+        char *funName = va_arg(ap, char *);
+        uint32_t lineNo = va_arg(ap, uint32_t);
+        va_end(ap);
+
+        if (funName == nullptr) {
+            LOGE(domain, tag, "Get funName fail!");
+            return;
+        }
+        int32_t offset = sprintf_s(g_errMsg + g_msgLen, MAX_ERROR_MESSAGE_LEN - g_msgLen, " <%s[%u]",
+            funName, lineNo);
+        if (offset <= 0) {
+            LOGE(domain, tag, "append call chain fail! offset: [%{public}d]", offset);
+            return;
+        }
+        g_msgLen += static_cast<uint32_t>(offset);
+    }
+}
+
+} // namespace AccessToken
+} // namespace Security
+} // namespace OHOS
\ No newline at end of file
diff --git a/frameworks/common/src/data_validator.cpp b/frameworks/common/src/data_validator.cpp
index 88b217f2a19dccb48bba9a9ba2a8947809f170b3..329636c472a986101af356759f6725f14b71f15c 100644
--- a/frameworks/common/src/data_validator.cpp
+++ b/frameworks/common/src/data_validator.cpp
@@ -27,23 +27,35 @@ namespace AccessToken {
 
 bool DataValidator::IsBundleNameValid(const std::string& bundleName)
 {
-    return !bundleName.empty() && (bundleName.length() <= MAX_LENGTH);
+    bool ret = (!bundleName.empty() && (bundleName.length() <= MAX_LENGTH));
+    if (!ret) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "bunldename %{public}s is invalid.", bundleName.c_str());
+    }
+    return ret;
 }
 
 bool DataValidator::IsLabelValid(const std::string& label)
 {
-    return label.length() <= MAX_LENGTH;
+    bool ret = (label.length() <= MAX_LENGTH);
+    if (!ret) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "label %{public}s is invalid.", label.c_str());
+    }
+    return ret;
 }
 
 bool DataValidator::IsDescValid(const std::string& desc)
 {
-    return desc.length() <= MAX_LENGTH;
+    bool ret = desc.length() <= MAX_LENGTH;
+    if (!ret) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "desc %{public}s is invalid.", desc.c_str());
+    }
+    return ret;
 }
 
 bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
 {
     if (permissionName.empty() || (permissionName.length() > MAX_LENGTH)) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Invalid perm length(%{public}d).", static_cast<int32_t>(permissionName.length()));
+        LOGC(ATM_DOMAIN, ATM_TAG, "Invalid perm length(%{public}d).", static_cast<int32_t>(permissionName.length()));
         return false;
     }
     return true;
@@ -51,12 +63,17 @@ bool DataValidator::IsPermissionNameValid(const std::string& permissionName)
 
 bool DataValidator::IsUserIdValid(const int userId)
 {
-    return userId >= 0;
+    bool ret = (userId >= 0);
+    if (!ret) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "userId %{public}d is invalid.", userId);
+    }
+    return ret;
 }
 
 bool DataValidator::IsAclExtendedMapSizeValid(const std::map<std::string, std::string>& aclExtendedMap)
 {
     if (aclExtendedMap.size() > MAX_EXTENDED_MAP_SIZE) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "aclExtendedMap is oversize %{public}zu.", aclExtendedMap.size());
         return false;
     }
     return true;
@@ -69,7 +86,7 @@ bool DataValidator::IsAclExtendedMapContentValid(const std::string& permissionNa
     }
 
     if (value.empty() || (value.length() > MAX_VALUE_LENGTH)) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Invalid value length(%{public}d).", static_cast<int32_t>(value.length()));
+        LOGC(ATM_DOMAIN, ATM_TAG, "Invalid value length(%{public}d).", static_cast<int32_t>(value.length()));
         return false;
     }
     return true;
diff --git a/hisysevent.yaml b/hisysevent.yaml
index 9db48c4d2eaea49c94f6ddf5676e6e03c28dfd36..c59ebc41d2106651741f3365aee349eb8de81d17 100644
--- a/hisysevent.yaml
+++ b/hisysevent.yaml
@@ -19,6 +19,8 @@ ACCESSTOKEN_SERVICE_START:
   HAP_SIZE: {type: UINT32, desc: hap token size}
   NATIVE_SIZE: {type: UINT32, desc: native token size}
   PERM_DEFINITION_SIZE: {type: UINT32, desc: permission definition size}
+  DLP_PERMISSION_SIZE: {type: UINT32, desc: dlp permission size}
+  PARSE_CONFIG_FLAG: {type: UINT32, desc: parse config policy file value flag}
 
 ACCESSTOKEN_SERVICE_START_ERROR:
   __BASE: {type: FAULT, level: CRITICAL, desc: service startup error}
@@ -58,10 +60,21 @@ PERMISSION_SYNC:
 
 ADD_HAP:
   __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: add a hap to device}
+  SCENE_CODE: {type: INT32, desc: scene code}
   TOKENID: {type: UINT32, desc: token id}
+  ORI_TOKENID: {type: UINT32, desc: original token id}
+  TOKENIDEX: {type: UINT64, desc: token id ex}
   USERID: {type: INT32, desc: user id}
   BUNDLENAME: {type: STRING, desc: bundle name}
   INSTINDEX: {type: INT32, desc: inst index}
+  DLP_TYPE: {type: UINT32, desc: dlp type}
+  IS_RESTORE: {type: BOOL, desc: is restore scene}
+  PERM_INFO: {type: STRING, desc: request permission list}
+  ACL_INFO: {type: STRING, desc: acl permission list}
+  PREAUTH_INFO: {type: STRING, desc: preauth permission list}
+  EXTEND_INFO: {type: STRING, desc: extend permission map}
+  DURATION: {type: UINT64, desc: time required for installing an application}
+  ERROR_CODE: {type: INT32, desc: error code}
 
 DEL_HAP:
   __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: delete a hap from device}
@@ -69,6 +82,9 @@ DEL_HAP:
   USERID: {type: INT32, desc: user id}
   BUNDLENAME: {type: STRING, desc: bundle name}
   INSTINDEX: {type: INT32, desc: inst index}
+  SCENE_CODE: {type: INT32, desc: scene code}
+  ERROR_CODE: {type: INT32, desc: error code}
+  DURATION: {type: INT64, desc: duration}
 
 PERM_DIALOG_STATUS_INFO:
   __BASE: {type: STATISTIC, level: MINOR, desc: status information of permission dialog}
@@ -93,6 +109,11 @@ UPDATE_PERMISSION:
   PERMISSION_NAME: {type: STRING, desc: permission name}
   PERMISSION_FLAG: {type: UINT32, desc: permission flag}
   GRANTED_FLAG: {type: BOOL, desc: grant or revoke}
+  SCENE_CODE: {type: INT32, desc: scene code}
+  ERROR_CODE: {type: INT32, desc: error code}
+  USERID: {type: INT32, desc: user id}
+  BUNDLENAME: {type: STRING, desc: bundle name}
+  INSTINDEX: {type: INT32, desc: inst index}
 
 UPDATE_HAP:
   __BASE: {type: STATISTIC, level: MINOR, tag: usability, desc: update hap to device}
@@ -100,6 +121,14 @@ UPDATE_HAP:
   USERID: {type: INT32, desc: user id}
   BUNDLENAME: {type: STRING, desc: bundle name}
   INSTINDEX: {type: INT32, desc: inst index}
+  SCENE_CODE: {type: INT32, desc: scene code}
+  ERROR_CODE: {type: INT32, desc: error code}
+  TOKENIDEX: {type: UINT64, desc: tokenIDEx}
+  PERM_INFO: {type: STRING, desc: perm info}
+  ACL_INFO: {type: STRING, desc: acl info}
+  PREAUTH_INFO: {type: STRING, desc: pre-auth info}
+  EXTEND_INFO: {type: STRING, desc: extend info}
+  DURATION: {type: INT64, desc: duration}
 
 CLEAR_USER_PERMISSION_STATE:
   __BASE: {type: BEHAVIOR, level: MINOR, desc: clear user permission state}
@@ -136,3 +165,9 @@ VERIFY_ACCESS_TOKEN_EVENT:
   SELF_TOKENID: {type: UINT32, desc: self tokenID}
   CONTEXT_TOKENID: {type: UINT32, desc: context tokenID}
 
+ACCESSTOKEN_EXCEPTION:
+  __BASE: {type: FAULT, level: CRITICAL, desc: accesstoken exception}
+  SCENE_CODE: {type: INT32, desc: scene code}
+  ERROR_CODE: {type: INT32, desc: error code}
+  ERROR_MSG: {type: STRING, desc: error reason}
+
diff --git a/interfaces/innerkits/accesstoken/include/hap_token_info.h b/interfaces/innerkits/accesstoken/include/hap_token_info.h
index 5e80c3ced990c4fbc5d1b4aa6e8c9ded7bf34ade..0292fc3954e2382b8d7190d5eb50e6c5666719d8 100644
--- a/interfaces/innerkits/accesstoken/include/hap_token_info.h
+++ b/interfaces/innerkits/accesstoken/include/hap_token_info.h
@@ -96,12 +96,12 @@ public:
 class HapTokenInfo final {
 public:
     char ver;
-    int userID;
+    int userID = 0;
     std::string bundleName;
     /** which version of the SDK is used to develop this hap */
     int32_t apiVersion;
     /** instance index */
-    int instIndex;
+    int instIndex = 0;
     /**
      * dlp type, for details about the valid values,
      * see the definition of HapDlpType in the access_token.h file.
diff --git a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h
index ea480d4406ad42e01a82271f1cf1d1fd4475c6d6..4e58271b2ef401406d100d6b524150554ee53069 100644
--- a/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h
+++ b/services/accesstokenmanager/main/cpp/include/dfx/hisysevent_adapter.h
@@ -17,6 +17,7 @@
 #define ACCESSTOKEN_HISYSEVENT_ADAPTER_H
 
 #include <string>
+#include "access_token.h"
 
 namespace OHOS {
 namespace Security {
@@ -34,9 +35,46 @@ enum UpdatePermStatusErrorCode {
     DLP_CHECK_FAILED = 1,
     UPDATE_PERMISSION_STATUS_FAILED = 2,
 };
+enum CommonSceneCode {
+    AT_COMMOM_START = 0,
+    AT_COMMON_FINISH = 1,
+};
+enum AddHapSceneCode {
+    INSTALL_START = 0,
+    TOKEN_ID_CHANGE,
+    INIT,
+    MAP,
+    INSTALL_FINISH,
+};
+struct AccessTokenDfxInfo {
+    AddHapSceneCode sceneCode;
+    AccessTokenID tokenId;
+    AccessTokenID oriTokenId;
+    AccessTokenIDEx tokenIdEx;
+    int32_t userId;
+    std::string bundleName;
+    int32_t instIndex;
+    HapDlpType dlpType;
+    bool isRestore;
+    std::string permInfo;
+    std::string aclInfo;
+    std::string preauthInfo;
+    std::string extendInfo;
+    int64_t duration;
+    int32_t errorCode;
+    int32_t pid;
+    uint32_t hapSize;
+    uint32_t nativeSize;
+    uint32_t permDefSize;
+    uint32_t dlpSize;
+    uint32_t parseConfigFlag;
+};
 void ReportSysEventPerformance();
-void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize);
+void ReportSysEventServiceStart(const AccessTokenDfxInfo& info);
 void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg, int32_t errCode);
+void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode);
+void ReportSysEventAddHap(const AccessTokenDfxInfo& info);
+
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
diff --git a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
index e0b4eb58ccdf3f6fbfdd309c3a3abb4c9fa93fc9..14cd8a00aa4e814b859d692a3833e5c01217747a 100644
--- a/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
+++ b/services/accesstokenmanager/main/cpp/include/permission/permission_manager.h
@@ -67,6 +67,8 @@ public:
         const std::string& bundleName, const std::string& abilityName);
     int32_t CheckAndUpdatePermission(AccessTokenID tokenID, const std::string& permissionName,
         bool isGranted, uint32_t flag);
+    int32_t CheckAndUpdatePermissionInner(AccessTokenID tokenID, const std::string& permissionName,
+        bool isGranted, uint32_t flag);
     int32_t UpdatePermission(AccessTokenID tokenID, const std::string& permissionName,
         bool isGranted, uint32_t flag, bool needKill);
     int32_t GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag);
diff --git a/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h b/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h
index c9e96dc8fbebb0d7424011f45ede90f256204160..c910d555d538cf57aab9b1a7002294b71ea2a276 100644
--- a/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h
+++ b/services/accesstokenmanager/main/cpp/include/permission/temp_permission_observer.h
@@ -120,7 +120,7 @@ private:
     std::shared_ptr<AccessEventHandler> eventHandler_;
     std::mutex eventHandlerLock_;
 #endif
-    int32_t cancleTimes_;
+    int32_t cancelTimes_;
     std::mutex tempPermissionMutex_;
     std::map<AccessTokenID, std::vector<bool>> tempPermTokenMap_;
 
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
index befb3df1bcf8fc6344b1f543c97d2ae639eac167..05fb55f9213bc50095b3f2f50a3b17ba63819572 100644
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
+++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
@@ -26,6 +26,7 @@
 #include "access_token.h"
 #include "hap_token_info.h"
 #include "iremote_object.h"
+#include "json_parse_loader.h"
 #include "nocopyable.h"
 #include "singleton.h"
 #include "system_ability.h"
@@ -117,10 +118,17 @@ public:
 private:
     void GetValidConfigFilePathList(std::vector<std::string>& pathList);
     bool GetConfigGrantValueFromFile(std::string& fileContent);
-    void GetConfigValue();
+    void SetFlagIfNeed(const AccessTokenServiceConfig& atConfig, int32_t& cancelTime, uint32_t& parseConfigFlag);
+    void GetConfigValue(uint32_t& parseConfigFlag);
     bool Initialize();
     void AccessTokenServiceParamSet() const;
     PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList);
+    int32_t UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
+        const HapPolicyParcel& policyParcel, HapInfoCheckResult& result);
+    void ReportAddHap(const HapInfoParcel& info, const HapPolicyParcel& policy);
+    void ReportAddHapFinish(AccessTokenIDEx fullTokenId, const HapInfoParcel& info, int64_t beginTime,
+        int32_t errorCode);
+
     ServiceRunningState state_;
     std::string grantBundleName_;
     std::string grantAbilityName_;
diff --git a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h
index e2819047c99c233651cb6cac02c080695511f758..80637afd24ea1bac048f5d9d319c9d4cf61ce68b 100644
--- a/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h
+++ b/services/accesstokenmanager/main/cpp/include/token/accesstoken_info_manager.h
@@ -46,7 +46,7 @@ class AccessTokenInfoManager final {
 public:
     static AccessTokenInfoManager& GetInstance();
     ~AccessTokenInfoManager();
-    void Init();
+    void Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize);
     void InitNativeTokenInfos(const std::vector<NativeTokenInfoBase>& tokenInfos);
     int32_t GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList);
     std::shared_ptr<HapTokenInfoInner> GetHapTokenInfoInner(AccessTokenID id);
@@ -104,10 +104,14 @@ private:
     AccessTokenInfoManager();
     DISALLOW_COPY_AND_MOVE(AccessTokenInfoManager);
 
+    int32_t AddHapInfoToCache(const GenericValues& tokenValue, const std::vector<GenericValues>& permStateRes,
+        const std::vector<GenericValues>& extendedPermRes);
     void InitHapTokenInfos(uint32_t& hapSize);
-    int AddHapTokenInfo(const std::shared_ptr<HapTokenInfoInner>& info);
+    void ReportAddHapIdChange(const std::shared_ptr<HapTokenInfoInner>& hapInfo, AccessTokenID oriTokenId);
+    int AddHapTokenInfo(const std::shared_ptr<HapTokenInfoInner>& info, AccessTokenID& oriTokenId);
     std::string GetHapUniqueStr(const std::shared_ptr<HapTokenInfoInner>& info) const;
     std::string GetHapUniqueStr(const int& userID, const std::string& bundleName, const int& instIndex) const;
+    int32_t RegisterTokenId(const HapInfoParams& info, AccessTokenID& tokenId);
     int AddHapTokenInfoToDb(const std::shared_ptr<HapTokenInfoInner>& hapInfo,
         const std::string& appId, const HapPolicy& policy, bool isUpdate);
     int RemoveHapTokenInfoFromDb(const std::shared_ptr<HapTokenInfoInner>& info);
diff --git a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h
index 4b0c7ef8234d63ec54af59ae7010314af283ceaf..e0d3ad63e3f8e9c113ca920d623fe8a63c546036 100644
--- a/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h
+++ b/services/accesstokenmanager/main/cpp/include/token/hap_token_info_inner.h
@@ -52,6 +52,7 @@ public:
     HapTokenInfo GetHapInfoBasic() const;
     int GetUserID() const;
     int GetDlpType() const;
+    AccessTokenAttr GetAttr() const;
     std::string GetBundleName() const;
     int GetInstIndex() const;
     AccessTokenID GetTokenID() const;
diff --git a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp
index cbcbd7400900aae00fb294791d611cee47717157..d2f056fdff908295cb0f7e04b44297bc1af3d1a6 100644
--- a/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp
+++ b/services/accesstokenmanager/main/cpp/src/database/access_token_db.cpp
@@ -64,14 +64,14 @@ int32_t AccessTokenDb::RestoreAndInsertIfCorrupt(const int32_t resultCode, int64
     LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!");
     int32_t res = db->Restore("");
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
         return res;
     }
     LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try insert again!");
 
     res = db->BatchInsert(outInsertNum, tableName, buckets);
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to batch insert into table %{public}s again, res is %{public}d.",
+        LOGC(ATM_DOMAIN, ATM_TAG, "Failed to batch insert into table %{public}s again, res is %{public}d.",
             tableName.c_str(), res);
         return res;
     }
@@ -160,14 +160,14 @@ int32_t AccessTokenDb::RestoreAndDeleteIfCorrupt(const int32_t resultCode, int32
     LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!");
     int32_t res = db->Restore("");
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
         return res;
     }
     LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try delete again!");
 
     res = db->Delete(deletedRows, predicates);
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to delete record from table %{public}s again, res is %{public}d.",
+        LOGC(ATM_DOMAIN, ATM_TAG, "Failed to delete record from table %{public}s again, res is %{public}d.",
             predicates.GetTableName().c_str(), res);
         return res;
     }
@@ -220,14 +220,14 @@ int32_t AccessTokenDb::RestoreAndUpdateIfCorrupt(const int32_t resultCode, int32
     LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!");
     int32_t res = db->Restore("");
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
         return res;
     }
     LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try update again!");
 
     res = db->Update(changedRows, bucket, predicates);
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s again, res is %{public}d.",
+        LOGC(ATM_DOMAIN, ATM_TAG, "Failed to update record from table %{public}s again, res is %{public}d.",
             predicates.GetTableName().c_str(), res);
         return res;
     }
@@ -242,6 +242,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif
     std::string tableName;
     AccessTokenDbUtil::GetTableNameByType(type, tableName);
     if (tableName.empty()) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "Get table name failed, type=%{public}d!", static_cast<int32_t>(type));
         return AccessTokenError::ERR_PARAM_INVALID;
     }
 
@@ -249,6 +250,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif
 
     AccessTokenDbUtil::ToRdbValueBucket(modifyValue, bucket);
     if (bucket.IsEmpty()) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "To rdb value bucket failed!");
         return AccessTokenError::ERR_PARAM_INVALID;
     }
 
@@ -260,7 +262,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif
         OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
         auto db = GetRdb();
         if (db == nullptr) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr.");
+            LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr.");
             return AccessTokenError::ERR_DATABASE_OPERATE_FAILED;
         }
 
@@ -270,6 +272,7 @@ int32_t AccessTokenDb::Modify(const AtmDataType type, const GenericValues& modif
                 tableName.c_str(), res);
             int32_t result = RestoreAndUpdateIfCorrupt(res, changedRows, bucket, predicates, db);
             if (result != NativeRdb::E_OK) {
+                LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and update, result is %{public}d.", result);
                 return result;
             }
         }
@@ -296,19 +299,19 @@ int32_t AccessTokenDb::RestoreAndQueryIfCorrupt(const NativeRdb::RdbPredicates&
             LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!");
             res = db->Restore("");
             if (res != NativeRdb::E_OK) {
-                LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
+                LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
                 return res;
             }
             LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try query again!");
 
             queryResultSet = db->Query(predicates, columns);
             if (queryResultSet == nullptr) {
-                LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.",
+                LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s again.",
                     predicates.GetTableName().c_str());
                 return AccessTokenError::ERR_DATABASE_OPERATE_FAILED;
             }
         } else {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Failed to get result count.");
+            LOGC(ATM_DOMAIN, ATM_TAG, "Failed to get result count.");
             return AccessTokenError::ERR_DATABASE_OPERATE_FAILED;
         }
     }
@@ -335,19 +338,20 @@ int32_t AccessTokenDb::Find(AtmDataType type, const GenericValues& conditionValu
         OHOS::Utils::UniqueReadGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
         auto db = GetRdb();
         if (db == nullptr) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr.");
+            LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr.");
             return AccessTokenError::ERR_DATABASE_OPERATE_FAILED;
         }
 
         auto queryResultSet = db->Query(predicates, columns);
         if (queryResultSet == nullptr) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.",
+            LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find records from table %{public}s.",
                 tableName.c_str());
             return AccessTokenError::ERR_DATABASE_OPERATE_FAILED;
         }
 
         int32_t res = RestoreAndQueryIfCorrupt(predicates, columns, queryResultSet, db);
         if (res != 0) {
+            LOGC(ATM_DOMAIN, ATM_TAG, "Restore and query failed!");
             return res;
         }
 
@@ -380,14 +384,14 @@ int32_t AccessTokenDb::RestoreAndCommitIfCorrupt(const int32_t resultCode,
     LOGW(ATM_DOMAIN, ATM_TAG, "Detech database corrupt, restore from backup!");
     int32_t res = db->Restore("");
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Db restore failed, res is %{public}d.", res);
         return res;
     }
     LOGI(ATM_DOMAIN, ATM_TAG, "Database restore success, try commit again!");
 
     res = db->Commit();
     if (res != NativeRdb::E_OK) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Failed to Commit again, res is %{public}d.", res);
         return res;
     }
 
@@ -404,7 +408,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues(
         OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lock(this->rwLock_);
         std::shared_ptr<NativeRdb::RdbStore> db = GetRdb();
         if (db == nullptr) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "db is nullptr.");
+            LOGC(ATM_DOMAIN, ATM_TAG, "db is nullptr.");
             return AccessTokenError::ERR_DATABASE_OPERATE_FAILED;
         }
 
@@ -416,6 +420,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues(
             res = RemoveValues(delDataTypes[i], delValues[i]);
             if (res != 0) {
                 db->RollBack();
+                LOGC(ATM_DOMAIN, ATM_TAG, "Remove values failed, res is %{public}d.", res);
                 return res;
             }
         }
@@ -425,6 +430,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues(
             res = AddValues(addDataTypes[i], addValues[i]);
             if (res != 0) {
                 db->RollBack();
+                LOGC(ATM_DOMAIN, ATM_TAG, "Add values failed, res is %{public}d.", res);
                 return res;
             }
         }
@@ -434,6 +440,7 @@ int32_t AccessTokenDb::DeleteAndInsertValues(
             LOGE(ATM_DOMAIN, ATM_TAG, "Failed to commit, res is %{public}d.", res);
             int32_t result = RestoreAndCommitIfCorrupt(res, db);
             if (result != NativeRdb::E_OK) {
+                LOGC(ATM_DOMAIN, ATM_TAG, "Failed to restore and commit, result is %{public}d.", result);
                 return result;
             }
         }
diff --git a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp
index 18558ee01ff2c7a3d5b34c505385f8f4ef4b849a..f13756be48d35cc2d04d19dd1e8505f798554d21 100644
--- a/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp
+++ b/services/accesstokenmanager/main/cpp/src/dfx/hisysevent_adapter.cpp
@@ -39,11 +39,13 @@ void ReportSysEventPerformance()
     }
 }
 
-void ReportSysEventServiceStart(int32_t pid, uint32_t hapSize, uint32_t nativeSize, uint32_t permDefSize)
+void ReportSysEventServiceStart(const AccessTokenDfxInfo& info)
 {
     int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_SERVICE_START",
         HiviewDFX::HiSysEvent::EventType::STATISTIC,
-        "PID", pid, "HAP_SIZE", hapSize, "NATIVE_SIZE", nativeSize, "PERM_DEFINITION_SIZE", permDefSize);
+        "PID", info.pid, "HAP_SIZE", info.hapSize, "NATIVE_SIZE", info.nativeSize,
+        "PERM_DEFINITION_SIZE", info.permDefSize, "DLP_PERMISSION_SIZE", info.dlpSize,
+        "PARSE_CONFIG_FLAG", info.parseConfigFlag);
     if (ret != 0) {
         LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret);
     }
@@ -57,6 +59,42 @@ void ReportSysEventServiceStartError(SceneCode scene, const std::string& errMsg,
         LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret);
     }
 }
+
+void ReportSysCommonEventError(int32_t ipcCode, int32_t errCode)
+{
+    if (GetThreadErrorMsgLen() == 0) {
+        return;
+    }
+    int32_t ret = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ACCESSTOKEN_EXCEPTION",
+        HiviewDFX::HiSysEvent::EventType::FAULT, "SCENE_CODE", ipcCode, "ERROR_CODE", errCode,
+        "ERROR_MSG", GetThreadErrorMsg());
+    if (ret != 0) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", ret);
+    }
+    ClearThreadErrorMsg();
+}
+
+void ReportSysEventAddHap(const AccessTokenDfxInfo& info)
+{
+    if ((info.sceneCode != AddHapSceneCode::INSTALL_START) &&
+        (info.sceneCode != AddHapSceneCode::TOKEN_ID_CHANGE) &&
+        (info.sceneCode != AddHapSceneCode::INIT) &&
+        (info.sceneCode != AddHapSceneCode::MAP) &&
+        (info.sceneCode != AddHapSceneCode::INSTALL_FINISH)) {
+        return;
+    }
+    int32_t res = HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ADD_HAP",
+        HiviewDFX::HiSysEvent::EventType::STATISTIC,
+        "SCENE_CODE", info.sceneCode, "TOKENID", info.tokenId, "ORI_TOKENID", info.oriTokenId,
+        "TOKENIDEX", static_cast<uint64_t>(info.tokenIdEx.tokenIDEx), "USERID", info.userId,
+        "BUNDLENAME", info.bundleName, "INSTINDEX", info.instIndex, "DLP_TYPE", info.dlpType,
+        "IS_RESTORE", info.isRestore, "PERM_INFO", info.permInfo, "ACL_INFO", info.aclInfo,
+        "PREAUTH_INFO", info.preauthInfo, "EXTEND_INFO", info.extendInfo, "DURATION", info.duration,
+        "ERROR_CODE", info.errorCode);
+    if (res != 0) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to write hisysevent write, ret %{public}d.", res);
+    }
+}
 } // namespace AccessToken
 } // namespace Security
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp
index 845a52f24a4039ed0298ca3703bf9ea40943c987..fbcdb96455c56497169f7978bfc84b4ae2522635 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_data_brief.cpp
@@ -409,7 +409,7 @@ int32_t PermissionDataBrief::UpdatePermStateList(
 {
     auto iterPermData = requestedPermData_.find(tokenId);
     if (iterPermData == requestedPermData_.end()) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId);
+        LOGC(ATM_DOMAIN, ATM_TAG, "TokenID %{public}d is not exist.", tokenId);
         return ERR_TOKEN_INVALID;
     }
     std::vector<BriefPermData>& permBriefDatalist = requestedPermData_[tokenId];
@@ -418,12 +418,12 @@ int32_t PermissionDataBrief::UpdatePermStateList(
             return opCode == permData.permCode;
         });
     if (iter == permBriefDatalist.end()) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Permission not request!");
+        LOGC(ATM_DOMAIN, ATM_TAG, "Permission not request!");
         return AccessTokenError::ERR_PARAM_INVALID;
     }
     
     if ((static_cast<uint32_t>(iter->flag) & PERMISSION_SYSTEM_FIXED) == PERMISSION_SYSTEM_FIXED) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!");
+        LOGC(ATM_DOMAIN, ATM_TAG, "Permission fixed by system!");
         return AccessTokenError::ERR_PARAM_INVALID;
     }
     iter->status = isGranted ? PERMISSION_GRANTED : PERMISSION_DENIED;
@@ -448,7 +448,7 @@ int32_t PermissionDataBrief::UpdateSecCompGrantedPermList(AccessTokenID tokenId,
             if (status == PERMISSION_GRANTED) {
                 return RET_SUCCESS;
             } else {
-                LOGE(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user.");
+                LOGC(ATM_DOMAIN, ATM_TAG, "Permission has been revoked by user.");
                 return ERR_PERMISSION_DENIED;
             }
         } else {
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
index 74d7934018f6057452cf25f8082a3b12e706e9a5..817da8dd5c93c268de86da737529da5681b64dbf 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
@@ -25,6 +25,7 @@
 #include "accesstoken_id_manager.h"
 #include "accesstoken_info_manager.h"
 #include "accesstoken_common_log.h"
+#include "accesstoken_service_ipc_interface_code.h"
 #include "access_token_db.h"
 #include "app_manager_access_client.h"
 #include "callback_manager.h"
@@ -345,7 +346,7 @@ int32_t PermissionManager::UpdateTokenPermissionState(
 {
     std::shared_ptr<HapTokenInfoInner> infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(id);
     if (infoPtr == nullptr) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id);
+        LOGC(ATM_DOMAIN, ATM_TAG, "tokenInfo is null, tokenId=%{public}u", id);
         return AccessTokenError::ERR_TOKENID_NOT_EXIST;
     }
 
@@ -359,6 +360,7 @@ int32_t PermissionManager::UpdateTokenPermissionState(
     bool statusChanged = false;
     ret = infoPtr->UpdatePermissionStatus(permission, isGranted, flag, statusChanged);
     if (ret != RET_SUCCESS) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "Update info perm status failed, ret is %{public}d", ret);
         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR",
             HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", UPDATE_PERMISSION_STATUS_FAILED, "TOKENID", id,
             "PERM", permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", ret,
@@ -389,12 +391,12 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr
     AccessTokenID id, const std::string& permission, bool isGranted, uint32_t flag)
 {
     if (infoPtr->IsRemote()) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Remote token can not update");
+        LOGC(ATM_DOMAIN, ATM_TAG, "Remote token can not update");
         return AccessTokenError::ERR_IDENTITY_CHECK_FAILED;
     }
     if ((flag == PERMISSION_ALLOW_THIS_TIME) && isGranted) {
         if (!TempPermissionObserver::GetInstance().IsAllowGrantTempPermission(id, permission)) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str());
+            LOGC(ATM_DOMAIN, ATM_TAG, "Id:%{public}d fail to grant permission:%{public}s", id, permission.c_str());
             return ERR_IDENTITY_CHECK_FAILED;
         }
     }
@@ -404,7 +406,7 @@ int32_t PermissionManager::UpdateTokenPermissionStateCheck(const std::shared_ptr
     if (hapDlpType != DLP_COMMON) {
         int32_t permDlpMode = DlpPermissionSetManager::GetInstance().GetPermDlpMode(permission);
         if (!DlpPermissionSetManager::GetInstance().IsPermDlpModeAvailableToDlpHap(hapDlpType, permDlpMode)) {
-            LOGD(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id);
+            LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s cannot to be granted to %{public}u", permission.c_str(), id);
             HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION_STATUS_ERROR",
                 HiviewDFX::HiSysEvent::EventType::FAULT, "ERROR_CODE", DLP_CHECK_FAILED, "TOKENID", id, "PERM",
                 permission, "BUNDLE_NAME", infoPtr->GetBundleName(), "INT_VAL1", hapDlpType, "INT_VAL2", permDlpMode);
@@ -420,6 +422,8 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st
 {
     int32_t ret = UpdateTokenPermissionState(tokenID, permissionName, isGranted, flag, needKill);
     if (ret != RET_SUCCESS) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "Update permission %{public}u %{public}s failed, ret is %{public}d", tokenID,
+            permissionName.c_str(), ret);
         return ret;
     }
 
@@ -432,10 +436,6 @@ int32_t PermissionManager::UpdatePermission(AccessTokenID tokenID, const std::st
     }
 #endif
 
-    // DFX
-    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION",
-        HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "TOKENID", tokenID, "PERMISSION_NAME",
-        permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted);
     return RET_SUCCESS;
 }
 
@@ -443,15 +443,15 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const
     bool isGranted, uint32_t flag)
 {
     if (!PermissionValidator::IsPermissionNameValid(permissionName)) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str());
+        LOGC(ATM_DOMAIN, ATM_TAG, "permissionName: %{public}s, Invalid params!", permissionName.c_str());
         return AccessTokenError::ERR_PARAM_INVALID;
     }
     if (!IsDefinedPermission(permissionName)) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str());
+        LOGC(ATM_DOMAIN, ATM_TAG, "No definition for permission: %{public}s!", permissionName.c_str());
         return AccessTokenError::ERR_PERMISSION_NOT_EXIST;
     }
     if (!PermissionValidator::IsPermissionFlagValid(flag)) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag);
+        LOGC(ATM_DOMAIN, ATM_TAG, "flag: %{public}d, Invalid params!", flag);
         return AccessTokenError::ERR_PARAM_INVALID;
     }
     bool needKill = false;
@@ -465,18 +465,45 @@ int32_t PermissionManager::CheckAndUpdatePermission(AccessTokenID tokenID, const
     return UpdatePermission(tokenID, permissionName, isGranted, flag, needKill);
 }
 
+int32_t PermissionManager::CheckAndUpdatePermissionInner(AccessTokenID tokenID, const std::string& permissionName,
+    bool isGranted, uint32_t flag)
+{
+    HapTokenInfo hapInfo;
+    AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo);
+    ClearThreadErrorMsg();
+    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION",
+        HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START,
+        "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex,
+        "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted);
+
+    int32_t ret = CheckAndUpdatePermission(tokenID, permissionName, isGranted, flag);
+
+    uint32_t newFlag = flag;
+    if (ret == RET_SUCCESS && GetPermissionFlag(tokenID, permissionName, flag) == RET_SUCCESS) {
+        flag = newFlag;
+    }
+
+    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION",
+        HiviewDFX::HiSysEvent::EventType::BEHAVIOR, "SCENE_CODE", CommonSceneCode::AT_COMMON_FINISH,
+        "TOKENID", tokenID, "PERMISSION_NAME", permissionName, "PERMISSION_FLAG", flag, "GRANTED_FLAG", isGranted,
+        "ERROR_CODE", ret);
+    ReportSysCommonEventError(static_cast<int32_t>(isGranted ? AccessTokenInterfaceCode::GRANT_PERMISSION :
+        AccessTokenInterfaceCode::REVOKE_PERMISSION), ret);
+    return ret;
+}
+
 int32_t PermissionManager::GrantPermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
 {
     LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d",
         tokenID, permissionName.c_str(), flag);
-    return CheckAndUpdatePermission(tokenID, permissionName, true, flag);
+    return CheckAndUpdatePermissionInner(tokenID, permissionName, true, flag);
 }
 
 int32_t PermissionManager::RevokePermission(AccessTokenID tokenID, const std::string& permissionName, uint32_t flag)
 {
     LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}u, permissionName: %{public}s, flag: %{public}d",
         tokenID, permissionName.c_str(), flag);
-    return CheckAndUpdatePermission(tokenID, permissionName, false, flag);
+    return CheckAndUpdatePermissionInner(tokenID, permissionName, false, flag);
 }
 
 int32_t PermissionManager::GrantPermissionForSpecifiedTime(
@@ -803,7 +830,7 @@ bool IsAclSatisfied(const PermissionBriefDef& briefDef, const HapPolicy& policy)
 
     if (policy.apl < briefDef.availableLevel) {
         if (!briefDef.provisionEnable) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", briefDef.permissionName);
+            LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s provisionEnable is false.", briefDef.permissionName);
             return false;
         }
         bool isAclExist = false;
@@ -820,7 +847,7 @@ bool IsAclSatisfied(const PermissionBriefDef& briefDef, const HapPolicy& policy)
         }
         
         if (!isAclExist) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s need acl.", briefDef.permissionName);
+            LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s need acl.", briefDef.permissionName);
             return false;
         }
     }
@@ -892,7 +919,7 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp
         if (!IsAclSatisfied(briefDef, policy)) {
             result.permCheckResult.permissionName = state.permissionName;
             result.permCheckResult.rule = PERMISSION_ACL_RULE;
-            LOGE(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName);
+            LOGC(ATM_DOMAIN, ATM_TAG, "Acl of %{public}s is invalid.", briefDef.permissionName);
             return false;
         }
 
@@ -900,7 +927,7 @@ bool PermissionManager::InitPermissionList(const std::string& appDistributionTyp
         if (!IsPermAvailableRangeSatisfied(briefDef, appDistributionType)) {
             result.permCheckResult.permissionName = state.permissionName;
             result.permCheckResult.rule = PERMISSION_EDM_RULE;
-            LOGE(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName);
+            LOGC(ATM_DOMAIN, ATM_TAG, "Available range of %{public}s is invalid.", briefDef.permissionName);
             return false;
         }
         state.grantFlag = PERMISSION_DEFAULT_FLAG;
diff --git a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp
index ccb878ac6e04331fee9a7f2da4861c312c4f9720..6536aa1c34a04450d96c62efcede0850028454d4 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/temp_permission_observer.cpp
@@ -214,7 +214,7 @@ void PermissionAppManagerDeathCallback::NotifyAppManagerDeath()
     TempPermissionObserver::GetInstance().OnAppMgrRemoteDiedHandle();
 }
 
-TempPermissionObserver::TempPermissionObserver() : cancleTimes_(DEFAULT_CANCLE_MILLISECONDS)
+TempPermissionObserver::TempPermissionObserver() : cancelTimes_(DEFAULT_CANCLE_MILLISECONDS)
 {}
 
 TempPermissionObserver::~TempPermissionObserver()
@@ -425,12 +425,12 @@ bool TempPermissionObserver::IsAllowGrantTempPermission(AccessTokenID tokenID, c
 {
     HapTokenInfo tokenInfo;
     if (AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, tokenInfo) != RET_SUCCESS) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Invalid tokenId(%{public}d)", tokenID);
         return false;
     }
     auto iterator = std::find(g_tempPermission.begin(), g_tempPermission.end(), permissionName);
     if (iterator == g_tempPermission.end()) {
-        LOGW(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str());
+        LOGC(ATM_DOMAIN, ATM_TAG, "Permission is not available to temp grant: %{public}s!", permissionName.c_str());
         return false;
     }
     return CheckPermissionState(tokenID, permissionName, tokenInfo.bundleName);
@@ -633,7 +633,7 @@ bool TempPermissionObserver::DelayRevokePermission(AccessToken::AccessTokenID to
         TempPermissionObserver::GetInstance().RevokeAllTempPermission(tokenID);
         LOGI(ATM_DOMAIN, ATM_TAG, "Token: %{public}d, delay revoke permission end", tokenID);
     });
-    eventHandler->ProxyPostTask(delayed, taskName, cancleTimes_);
+    eventHandler->ProxyPostTask(delayed, taskName, cancelTimes_);
     return true;
 #else
     LOGW(ATM_DOMAIN, ATM_TAG, "Eventhandler is not existed");
@@ -659,13 +659,13 @@ bool TempPermissionObserver::CancleTaskOfPermissionRevoking(const std::string& t
 #endif
 }
 
-void TempPermissionObserver::SetCancelTime(int32_t cancleTime)
+void TempPermissionObserver::SetCancelTime(int32_t cancelTime)
 {
-    if (cancleTime != 0) {
-        cancleTimes_ = cancleTime;
+    if (cancelTime != 0) {
+        cancelTimes_ = cancelTime;
     }
 
-    LOGI(ATM_DOMAIN, ATM_TAG, "CancleTimes_ is %{public}d.", cancleTimes_);
+    LOGI(ATM_DOMAIN, ATM_TAG, "CancelTimes_ is %{public}d.", cancelTimes_);
 }
 } // namespace AccessToken
 } // namespace Security
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
index f25826362a6e2a631ff5f16e7138320ce3d673bb..929f2cae1e97b8ac5c48fe87035469911d1e97da 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
@@ -23,6 +23,7 @@
 #include "accesstoken_dfx_define.h"
 #include "accesstoken_id_manager.h"
 #include "accesstoken_info_manager.h"
+#include "accesstoken_service_ipc_interface_code.h"
 #include "accesstoken_common_log.h"
 #include "constant_common.h"
 #include "data_validator.h"
@@ -33,7 +34,6 @@
 #include "hitrace_meter.h"
 #endif
 #include "ipc_skeleton.h"
-#include "json_parse_loader.h"
 #include "libraryloader.h"
 #include "memory_guard.h"
 #include "parameter.h"
@@ -45,7 +45,9 @@
 #include "short_grant_manager.h"
 #include "string_ex.h"
 #include "system_ability_definition.h"
+#include "time_util.h"
 #include "token_field_const.h"
+#include "time_util.h"
 #ifdef TOKEN_SYNC_ENABLE
 #include "token_modify_notifier.h"
 #endif // TOKEN_SYNC_ENABLE
@@ -63,6 +65,13 @@ const char* PERMISSION_STATE_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.Pe
 const char* GLOBAL_SWITCH_SHEET_ABILITY_NAME = "com.ohos.permissionmanager.GlobalSwitchSheetAbility";
 const char* APPLICATION_SETTING_ABILITY_NAME = "com.ohos.permissionmanager.MainAbility";
 const char* DEVELOPER_MODE_STATE = "const.security.developermode.state";
+
+constexpr uint32_t BITMAP_INDEX_1 = 1;
+constexpr uint32_t BITMAP_INDEX_2 = 2;
+constexpr uint32_t BITMAP_INDEX_3 = 3;
+constexpr uint32_t BITMAP_INDEX_4 = 4;
+constexpr uint32_t BITMAP_INDEX_5 = 5;
+constexpr uint32_t BITMAP_INDEX_6 = 6;
 }
 
 const bool REGISTER_RESULT =
@@ -395,19 +404,72 @@ AccessTokenIDEx AccessTokenManagerService::AllocHapToken(const HapInfoParcel& in
     return tokenIdEx;
 }
 
+void AccessTokenManagerService::ReportAddHap(const HapInfoParcel& info, const HapPolicyParcel& policy)
+{
+    AccessTokenDfxInfo dfxInfo;
+    dfxInfo.sceneCode = AddHapSceneCode::INSTALL_START;
+    dfxInfo.tokenId = info.hapInfoParameter.tokenID;
+    dfxInfo.userId = info.hapInfoParameter.userID;
+    dfxInfo.bundleName = info.hapInfoParameter.bundleName;
+    dfxInfo.instIndex = info.hapInfoParameter.instIndex;
+    dfxInfo.dlpType = static_cast<HapDlpType>(info.hapInfoParameter.dlpType);
+    dfxInfo.isRestore = info.hapInfoParameter.isRestore;
+
+    dfxInfo.permInfo = std::to_string(policy.hapPolicy.permStateList.size()) + " : [";
+    for (const auto& permState : policy.hapPolicy.permStateList) {
+        dfxInfo.permInfo.append(permState.permissionName + ", ");
+    }
+    dfxInfo.permInfo.append("]");
+
+    dfxInfo.aclInfo = std::to_string(policy.hapPolicy.aclRequestedList.size()) + " : [";
+    for (const auto& perm : policy.hapPolicy.aclRequestedList) {
+        dfxInfo.aclInfo.append(perm + ", ");
+    }
+    dfxInfo.aclInfo.append("]");
+
+    dfxInfo.preauthInfo = std::to_string(policy.hapPolicy.preAuthorizationInfo.size()) + " : [";
+    for (const auto& preAuthInfo : policy.hapPolicy.preAuthorizationInfo) {
+        dfxInfo.preauthInfo.append(preAuthInfo.permissionName + ", ");
+    }
+    dfxInfo.preauthInfo.append("]");
+
+    ReportSysEventAddHap(dfxInfo);
+}
+
+void AccessTokenManagerService::ReportAddHapFinish(AccessTokenIDEx fullTokenId, const HapInfoParcel& info,
+    int64_t beginTime, int32_t errorCode)
+{
+    int64_t endTime = TimeUtil::GetCurrentTimestamp();
+    AccessTokenDfxInfo dfxInfo;
+    dfxInfo.sceneCode = AddHapSceneCode::INSTALL_FINISH;
+    dfxInfo.tokenId = fullTokenId.tokenIdExStruct.tokenID;
+    dfxInfo.tokenIdEx = fullTokenId;
+    dfxInfo.userId = info.hapInfoParameter.userID;
+    dfxInfo.bundleName = info.hapInfoParameter.bundleName;
+    dfxInfo.instIndex = info.hapInfoParameter.instIndex;
+    dfxInfo.duration = endTime - beginTime;
+    dfxInfo.errorCode = errorCode;
+    ReportSysEventAddHap(dfxInfo);
+}
+
 int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPolicyParcel& policy,
     AccessTokenIDEx& fullTokenId, HapInfoCheckResult& result)
 {
     LOGI(ATM_DOMAIN, ATM_TAG, "Init hap %{public}s.", info.hapInfoParameter.bundleName.c_str());
+    int64_t beginTime = TimeUtil::GetCurrentTimestamp();
+    ReportAddHap(info, policy);
+
     std::vector<PermissionStatus> initializedList;
     if (info.hapInfoParameter.dlpType == DLP_COMMON) {
         if (!PermissionManager::GetInstance().InitPermissionList(info.hapInfoParameter.appDistributionType,
             policy.hapPolicy, initializedList, result)) {
+            ReportAddHapFinish({0}, info, beginTime, ERR_PERM_REQUEST_CFG_FAILED);
             return ERR_PERM_REQUEST_CFG_FAILED;
         }
     } else {
         if (!PermissionManager::GetInstance().InitDlpPermissionList(
             info.hapInfoParameter.bundleName, info.hapInfoParameter.userID, initializedList)) {
+            ReportAddHapFinish({0}, info, beginTime, ERR_PERM_REQUEST_CFG_FAILED);
             return ERR_PERM_REQUEST_CFG_FAILED;
         }
     }
@@ -415,9 +477,7 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo
 
     int32_t ret = AccessTokenInfoManager::GetInstance().CreateHapTokenInfo(
         info.hapInfoParameter, policy.hapPolicy, fullTokenId);
-    if (ret != RET_SUCCESS) {
-        return ret;
-    }
+    ReportAddHapFinish(fullTokenId, info, beginTime, ret);
 
     return ret;
 }
@@ -425,8 +485,24 @@ int32_t AccessTokenManagerService::InitHapToken(const HapInfoParcel& info, HapPo
 int AccessTokenManagerService::DeleteToken(AccessTokenID tokenID)
 {
     LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenID);
+    int64_t beginTime = TimeUtil::GetCurrentTimestamp();
+
+    HapTokenInfo hapInfo;
+    AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo);
+    ClearThreadErrorMsg();
+    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP",
+        HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START,
+        "TOKENID", tokenID, "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex);
+
     // only support hap token deletion
-    return AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
+    int32_t ret = AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenID);
+
+    int64_t endTime = TimeUtil::GetCurrentTimestamp();
+    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP",
+        HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMON_FINISH,
+        "TOKENID", tokenID, "DURATION", endTime - beginTime, "ERROR_CODE", ret);
+    ReportSysCommonEventError(static_cast<int32_t>(AccessTokenInterfaceCode::TOKEN_DELETE), ret);
+    return ret;
 }
 
 int AccessTokenManagerService::GetTokenType(AccessTokenID tokenID)
@@ -452,19 +528,69 @@ AccessTokenID AccessTokenManagerService::AllocLocalTokenID(
     return tokenID;
 }
 
-int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
+int32_t AccessTokenManagerService::UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
     const HapPolicyParcel& policyParcel, HapInfoCheckResult& result)
 {
-    LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d", tokenIdEx.tokenIdExStruct.tokenID);
     std::vector<PermissionStatus> InitializedList;
     if (!PermissionManager::GetInstance().InitPermissionList(
         info.appDistributionType, policyParcel.hapPolicy, InitializedList, result)) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "InitPermissionList failed, tokenId=%{public}u.", tokenIdEx.tokenIdExStruct.tokenID);
         return ERR_PERM_REQUEST_CFG_FAILED;
     }
+
     int32_t ret = AccessTokenInfoManager::GetInstance().UpdateHapToken(tokenIdEx, info,
         InitializedList, policyParcel.hapPolicy);
     return ret;
 }
+
+static void DumpEventInfo(const HapPolicy& policy, AccessTokenDfxInfo& dfxInfo)
+{
+    dfxInfo.permInfo = std::to_string(policy.permStateList.size()) + " : [";
+    for (const auto& permState : policy.permStateList) {
+        dfxInfo.permInfo.append(permState.permissionName + ", ");
+    }
+    dfxInfo.permInfo.append("]");
+
+    dfxInfo.aclInfo = std::to_string(policy.aclRequestedList.size()) + " : [";
+    for (const auto& perm : policy.aclRequestedList) {
+        dfxInfo.aclInfo.append(perm + ", ");
+    }
+    dfxInfo.aclInfo.append("]");
+
+    dfxInfo.preauthInfo = std::to_string(policy.preAuthorizationInfo.size()) + " : [";
+    for (const auto& preAuthInfo : policy.preAuthorizationInfo) {
+        dfxInfo.preauthInfo.append(preAuthInfo.permissionName + ", ");
+    }
+    dfxInfo.preauthInfo.append("]");
+}
+
+int32_t AccessTokenManagerService::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
+    const HapPolicyParcel& policyParcel, HapInfoCheckResult& result)
+{
+    int64_t beginTime = TimeUtil::GetCurrentTimestamp();
+    HapTokenInfo hapInfo;
+    AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenIdEx.tokenIdExStruct.tokenID, hapInfo);
+    ClearThreadErrorMsg();
+
+    AccessTokenDfxInfo dfxInfo;
+    DumpEventInfo(policyParcel.hapPolicy, dfxInfo);
+    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP",
+        HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMOM_START,
+        "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx,
+        "USERID", hapInfo.userID, "BUNDLENAME", hapInfo.bundleName, "INSTINDEX", hapInfo.instIndex,
+        "PERM_INFO", dfxInfo.permInfo, "ACL_INFO", dfxInfo.aclInfo, "PREAUTH_INFO", dfxInfo.preauthInfo,
+        "EXTEND_INFO", dfxInfo.extendInfo);
+
+    int32_t ret = UpdateHapTokenCore(tokenIdEx, info, policyParcel, result);
+
+    int64_t endTime = TimeUtil::GetCurrentTimestamp();
+    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP",
+        HiviewDFX::HiSysEvent::EventType::STATISTIC, "SCENE_CODE", CommonSceneCode::AT_COMMON_FINISH,
+        "TOKENID", tokenIdEx.tokenIdExStruct.tokenID, "TOKENIDEX", tokenIdEx.tokenIDEx,
+        "DURATION", endTime - beginTime, "ERROR_CODE", ret);
+    ReportSysCommonEventError(static_cast<int32_t>(AccessTokenInterfaceCode::UPDATE_HAP_TOKEN), ret);
+    return ret;
+}
 int32_t AccessTokenManagerService::GetTokenIDByUserID(int32_t userID, std::unordered_set<AccessTokenID>& tokenIdList)
 {
     LOGD(ATM_DOMAIN, ATM_TAG, "UserID: %{public}d", userID);
@@ -691,8 +817,50 @@ void AccessTokenManagerService::AccessTokenServiceParamSet() const
     }
 }
 
-void AccessTokenManagerService::GetConfigValue()
+void AccessTokenManagerService::SetFlagIfNeed(const AccessTokenServiceConfig& atConfig,
+    int32_t& cancelTime, uint32_t& parseConfigFlag)
 {
+    parseConfigFlag = 0;
+    // set value from config
+    if (!atConfig.grantBundleName.empty()) {
+        grantBundleName_ = atConfig.grantBundleName;
+        parseConfigFlag = 0x1;
+    }
+    if (!atConfig.grantAbilityName.empty()) {
+        grantAbilityName_ = atConfig.grantAbilityName;
+        parseConfigFlag |= 0x1 << BITMAP_INDEX_1;
+    }
+    if (!atConfig.grantServiceAbilityName.empty()) {
+        grantServiceAbilityName_ = atConfig.grantServiceAbilityName;
+        parseConfigFlag |= 0x1 << BITMAP_INDEX_2;
+    }
+    if (!atConfig.permStateAbilityName.empty()) {
+        permStateAbilityName_ = atConfig.permStateAbilityName;
+        parseConfigFlag |= 0x1 << BITMAP_INDEX_3;
+    }
+    if (!atConfig.globalSwitchAbilityName.empty()) {
+        globalSwitchAbilityName_ = atConfig.globalSwitchAbilityName;
+        parseConfigFlag |= 0x1 << BITMAP_INDEX_4;
+    }
+    if (atConfig.cancelTime != 0) {
+        cancelTime = atConfig.cancelTime;
+        parseConfigFlag |= 0x1 << BITMAP_INDEX_5;
+    }
+    if (!atConfig.applicationSettingAbilityName.empty()) {
+        applicationSettingAbilityName_ = atConfig.applicationSettingAbilityName;
+        parseConfigFlag |= 0x1 << BITMAP_INDEX_6;
+    }
+}
+
+void AccessTokenManagerService::GetConfigValue(uint32_t& parseConfigFlag)
+{
+    grantBundleName_ = GRANT_ABILITY_BUNDLE_NAME;
+    grantAbilityName_ = GRANT_ABILITY_ABILITY_NAME;
+    grantServiceAbilityName_ = GRANT_ABILITY_ABILITY_NAME;
+    permStateAbilityName_ = PERMISSION_STATE_SHEET_ABILITY_NAME;
+    globalSwitchAbilityName_ = GLOBAL_SWITCH_SHEET_ABILITY_NAME;
+    int32_t cancelTime = 0;
+    applicationSettingAbilityName_ = APPLICATION_SETTING_ABILITY_NAME;
     LibraryLoader loader(CONFIG_PARSE_LIBPATH);
     ConfigPolicyLoaderInterface* policy = loader.GetObject<ConfigPolicyLoaderInterface>();
     if (policy == nullptr) {
@@ -701,30 +869,9 @@ void AccessTokenManagerService::GetConfigValue()
     }
     AccessTokenConfigValue value;
     if (policy->GetConfigValue(ServiceType::ACCESSTOKEN_SERVICE, value)) {
-        // set value from config
-        grantBundleName_ = value.atConfig.grantBundleName.empty() ?
-            GRANT_ABILITY_BUNDLE_NAME : value.atConfig.grantBundleName;
-        grantAbilityName_ = value.atConfig.grantAbilityName.empty() ?
-            GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantAbilityName;
-        grantServiceAbilityName_ = value.atConfig.grantServiceAbilityName.empty() ?
-            GRANT_ABILITY_ABILITY_NAME : value.atConfig.grantServiceAbilityName;
-        permStateAbilityName_ = value.atConfig.permStateAbilityName.empty() ?
-            PERMISSION_STATE_SHEET_ABILITY_NAME : value.atConfig.permStateAbilityName;
-        globalSwitchAbilityName_ = value.atConfig.globalSwitchAbilityName.empty() ?
-            GLOBAL_SWITCH_SHEET_ABILITY_NAME : value.atConfig.globalSwitchAbilityName;
-        applicationSettingAbilityName_ = value.atConfig.applicationSettingAbilityName.empty() ?
-            APPLICATION_SETTING_ABILITY_NAME : value.atConfig.applicationSettingAbilityName;
-        TempPermissionObserver::GetInstance().SetCancelTime(value.atConfig.cancleTime);
-    } else {
-        LOGI(ATM_DOMAIN, ATM_TAG, "No config file or config file is not valid, use default values");
-        grantBundleName_ = GRANT_ABILITY_BUNDLE_NAME;
-        grantAbilityName_ = GRANT_ABILITY_ABILITY_NAME;
-        grantServiceAbilityName_ = GRANT_ABILITY_ABILITY_NAME;
-        permStateAbilityName_ = PERMISSION_STATE_SHEET_ABILITY_NAME;
-        globalSwitchAbilityName_ = GLOBAL_SWITCH_SHEET_ABILITY_NAME;
-        applicationSettingAbilityName_ = APPLICATION_SETTING_ABILITY_NAME;
+        SetFlagIfNeed(value.atConfig, cancelTime, parseConfigFlag);
     }
-
+    TempPermissionObserver::GetInstance().SetCancelTime(cancelTime);
     LOGI(ATM_DOMAIN, ATM_TAG, "GrantBundleName_ is %{public}s, grantAbilityName_ is %{public}s, "
         "grantServiceAbilityName_ is %{public}s, permStateAbilityName_ is %{public}s, "
         "globalSwitchAbilityName_ is %{public}s, applicationSettingAbilityName_ is %{public}s.",
@@ -749,13 +896,26 @@ bool AccessTokenManagerService::Initialize()
 {
     MemoryGuard guard;
     ReportSysEventPerformance();
-    AccessTokenInfoManager::GetInstance().Init();
+
+    uint32_t hapSize = 0;
+    uint32_t nativeSize = 0;
+    uint32_t pefDefSize = 0;
+    uint32_t dlpSize = 0;
+    AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
 
 #ifdef EVENTHANDLER_ENABLE
     TempPermissionObserver::GetInstance().InitEventHandler();
     ShortGrantManager::GetInstance().InitEventHandler();
 #endif
-    GetConfigValue();
+    AccessTokenDfxInfo dfxInfo;
+    dfxInfo.pid = getpid();
+    dfxInfo.hapSize = hapSize;
+    dfxInfo.nativeSize = nativeSize;
+    dfxInfo.permDefSize = pefDefSize;
+    dfxInfo.dlpSize = dlpSize;
+    GetConfigValue(dfxInfo.parseConfigFlag);
+
+    ReportSysEventServiceStart(dfxInfo);
     LOGI(ATM_DOMAIN, ATM_TAG, "Initialize success");
     return true;
 }
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
index c1341cd00e9d685e1ea5afe442891059e43c034a..13c8b5d1b7564d7bc08dd97a1dddad9930fb119a 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_stub.cpp
@@ -23,6 +23,7 @@
 #include "memory_guard.h"
 #include "string_ex.h"
 #include "tokenid_kit.h"
+#include "hisysevent_adapter.h"
 #ifdef HICOLLIE_ENABLE
 #include "xcollie/xcollie.h"
 #endif // HICOLLIE_ENABLE
@@ -51,6 +52,7 @@ int32_t AccessTokenManagerStub::OnRemoteRequest(
 {
     MemoryGuard guard;
 
+    ClearThreadErrorMsg();
     uint32_t callingTokenID = IPCSkeleton::GetCallingTokenID();
     LOGD(ATM_DOMAIN, ATM_TAG, "Code %{public}u token %{public}u", code, callingTokenID);
     std::u16string descriptor = data.ReadInterfaceToken();
@@ -74,7 +76,7 @@ int32_t AccessTokenManagerStub::OnRemoteRequest(
 #ifdef HICOLLIE_ENABLE
             HiviewDFX::XCollie::GetInstance().CancelTimer(timerId);
 #endif // HICOLLIE_ENABLE
-
+            ClearThreadErrorMsg();
             return NO_ERROR;
         }
     }
diff --git a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
index 49d0e91b868afbfa407a987b56d917935e7bdbd8..1317a39502cae1bcf0131c10a8a3f3b6222961ea 100644
--- a/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/accesstoken_info_manager.cpp
@@ -83,7 +83,7 @@ AccessTokenInfoManager::~AccessTokenInfoManager()
     this->hasInited_ = false;
 }
 
-void AccessTokenInfoManager::Init()
+void AccessTokenInfoManager::Init(uint32_t& hapSize, uint32_t& nativeSize, uint32_t& pefDefSize, uint32_t& dlpSize)
 {
     OHOS::Utils::UniqueWriteGuard<OHOS::Utils::RWLock> lk(this->managerLock_);
     if (hasInited_) {
@@ -103,23 +103,26 @@ void AccessTokenInfoManager::Init()
         ReportSysEventServiceStartError(
             INIT_NATIVE_TOKENINFO_ERROR, "GetAllNativeTokenInfo fail from native json.", ret);
     }
-    uint32_t hapSize = 0;
-    uint32_t nativeSize = tokenInfos.size();
-    InitHapTokenInfos(hapSize);
-    InitNativeTokenInfos(tokenInfos);
-    uint32_t pefDefSize = GetDefPermissionsSize();
-    ReportSysEventServiceStart(getpid(), hapSize, nativeSize, pefDefSize);
-    LOGI(ATM_DOMAIN, ATM_TAG, "InitTokenInfo end, hapSize %{public}d, nativeSize %{public}d, pefDefSize %{public}d.",
-        hapSize, nativeSize, pefDefSize);
 
 #ifdef SUPPORT_SANDBOX_APP
     std::vector<PermissionDlpMode> dlpPerms;
     ret = policy->GetDlpPermissions(dlpPerms);
+    dlpSize = dlpPerms.size();
     if (ret == RET_SUCCESS) {
-        LOGI(ATM_DOMAIN, ATM_TAG, "Load dlpPer size=%{public}zu.", dlpPerms.size());
+        LOGI(ATM_DOMAIN, ATM_TAG, "Load dlpPer size=%{public}zu.", dlpSize);
         DlpPermissionSetManager::GetInstance().ProcessDlpPermInfos(dlpPerms);
     }
 #endif
+
+    InitHapTokenInfos(hapSize);
+    nativeSize = tokenInfos.size();
+    InitNativeTokenInfos(tokenInfos);
+    pefDefSize = GetDefPermissionsSize();
+
+    LOGI(ATM_DOMAIN, ATM_TAG,
+        "InitTokenInfo end, hapSize %{public}u, nativeSize %{public}u, pefDefSize %{public}u, dlpSize %{public}u.",
+        hapSize, nativeSize, pefDefSize, dlpSize);
+
     hasInited_ = true;
     LOGI(ATM_DOMAIN, ATM_TAG, "Init success");
 }
@@ -149,6 +152,57 @@ void AccessTokenInfoManager::InitDmCallback(void)
 }
 #endif
 
+int32_t AccessTokenInfoManager::AddHapInfoToCache(const GenericValues& tokenValue,
+    const std::vector<GenericValues>& permStateRes, const std::vector<GenericValues>& extendedPermRes)
+{
+    AccessTokenID tokenId = static_cast<AccessTokenID>(tokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID));
+    std::string bundle = tokenValue.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
+    int result = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP);
+    if (result != RET_SUCCESS) {
+        LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add id failed, error=%{public}d.", tokenId, result);
+        ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR,
+            "RegisterTokenId fail, " + bundle + std::to_string(tokenId), result);
+        return result;
+    }
+    std::shared_ptr<HapTokenInfoInner> hap = std::make_shared<HapTokenInfoInner>();
+    result = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes, extendedPermRes);
+    if (result != RET_SUCCESS) {
+        AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
+        LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u restore failed.", tokenId);
+        return result;
+    }
+
+    AccessTokenID oriTokenId = 0;
+    result = AddHapTokenInfo(hap, oriTokenId);
+    if (result != RET_SUCCESS) {
+        AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
+        LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add failed.", tokenId);
+        ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR,
+            "AddHapTokenInfo fail, " + bundle + std::to_string(tokenId), result);
+        return result;
+    }
+
+    AccessTokenIDEx tokenIdEx = {0};
+    tokenIdEx.tokenIdExStruct.tokenID = tokenId;
+    tokenIdEx.tokenIdExStruct.tokenAttr = hap->GetAttr();
+
+    AccessTokenDfxInfo dfxInfo;
+    dfxInfo.sceneCode = AddHapSceneCode::INIT;
+    dfxInfo.tokenId = tokenId;
+    dfxInfo.tokenIdEx = tokenIdEx;
+    dfxInfo.userId = hap->GetUserID();
+    dfxInfo.bundleName = hap->GetBundleName();
+    dfxInfo.instIndex = hap->GetInstIndex();
+    ReportSysEventAddHap(dfxInfo);
+
+    LOGI(ATM_DOMAIN, ATM_TAG,
+        " Restore hap token %{public}u bundle name %{public}s user %{public}d,"
+        " permSize %{public}d, inst %{public}d ok!",
+        tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetReqPermissionSize(), hap->GetInstIndex());
+
+    return RET_SUCCESS;
+}
+
 void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize)
 {
     GenericValues conditionValue;
@@ -169,36 +223,11 @@ void AccessTokenInfoManager::InitHapTokenInfos(uint32_t& hapSize)
         ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR, "Load exetended value from db fail.", ret);
     }
     for (const GenericValues& tokenValue : hapTokenRes) {
-        AccessTokenID tokenId = (AccessTokenID)tokenValue.GetInt(TokenFiledConst::FIELD_TOKEN_ID);
-        std::string bundle = tokenValue.GetString(TokenFiledConst::FIELD_BUNDLE_NAME);
-        int result = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP);
-        if (result != RET_SUCCESS) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add id failed, error=%{public}d.", tokenId, result);
-            ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR,
-                "RegisterTokenId fail, " + bundle + std::to_string(tokenId), result);
-            continue;
-        }
-        std::shared_ptr<HapTokenInfoInner> hap = std::make_shared<HapTokenInfoInner>();
-        result = hap->RestoreHapTokenInfo(tokenId, tokenValue, permStateRes, extendedPermRes);
-        if (result != RET_SUCCESS) {
-            AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u restore failed.", tokenId);
-            continue;
-        }
-
-        result = AddHapTokenInfo(hap);
-        if (result != RET_SUCCESS) {
-            AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
-            LOGE(ATM_DOMAIN, ATM_TAG, "TokenId %{public}u add failed.", tokenId);
-            ReportSysEventServiceStartError(INIT_HAP_TOKENINFO_ERROR,
-                "AddHapTokenInfo fail, " + bundle + std::to_string(tokenId), result);
+        ret = AddHapInfoToCache(tokenValue, permStateRes, extendedPermRes);
+        if (ret != RET_SUCCESS) {
             continue;
         }
         hapSize++;
-        LOGI(ATM_DOMAIN, ATM_TAG,
-            " Restore hap token %{public}u bundle name %{public}s user %{public}d,"
-            " permSize %{public}d, inst %{public}d ok!",
-            tokenId, hap->GetBundleName().c_str(), hap->GetUserID(), hap->GetReqPermissionSize(), hap->GetInstIndex());
     }
 }
 
@@ -216,7 +245,7 @@ std::string AccessTokenInfoManager::GetHapUniqueStr(const std::shared_ptr<HapTok
     return GetHapUniqueStr(info->GetUserID(), info->GetBundleName(), info->GetInstIndex());
 }
 
-int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr<HapTokenInfoInner>& info)
+int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr<HapTokenInfoInner>& info, AccessTokenID& oriTokenId)
 {
     if (info == nullptr) {
         LOGE(ATM_DOMAIN, ATM_TAG, "Token info is null.");
@@ -227,7 +256,7 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr<HapTokenInfoIn
     {
         Utils::UniqueWriteGuard<Utils::RWLock> infoGuard(this->hapTokenInfoLock_);
         if (hapTokenInfoMap_.count(id) > 0) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u info has exist.", id);
+            LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u info has exist.", id);
             return AccessTokenError::ERR_TOKENID_HAS_EXISTED;
         }
 
@@ -243,13 +272,9 @@ int AccessTokenInfoManager::AddHapTokenInfo(const std::shared_ptr<HapTokenInfoIn
         hapTokenInfoMap_[id] = info;
     }
     if (idRemoved != INVALID_TOKENID) {
+        oriTokenId = idRemoved;
         RemoveHapTokenInfo(idRemoved);
     }
-    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "ADD_HAP",
-        HiviewDFX::HiSysEvent::EventType::STATISTIC,
-        "TOKENID", info->GetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(),
-        "INSTINDEX", info->GetInstIndex());
-
     // add hap to kernel
     int32_t userId = info->GetUserID();
     {
@@ -281,14 +306,14 @@ std::shared_ptr<HapTokenInfoInner> AccessTokenInfoManager::GetHapTokenInfoInner(
     std::vector<GenericValues> hapTokenResults;
     int32_t ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_HAP_INFO, conditionValue, hapTokenResults);
     if (ret != RET_SUCCESS || hapTokenResults.empty()) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, "
+        LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from hap_token_table, err: %{public}d, "
             "hapSize: %{public}zu, mapSize: %{public}zu.", id, ret, hapTokenResults.size(), hapTokenInfoMap_.size());
         return nullptr;
     }
     std::vector<GenericValues> permStateRes;
     ret = AccessTokenDb::GetInstance().Find(AtmDataType::ACCESSTOKEN_PERMISSION_STATE, conditionValue, permStateRes);
     if (ret != RET_SUCCESS) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, "
+        LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_state_table, err: %{public}d, "
             "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size());
         return nullptr;
     }
@@ -297,7 +322,7 @@ std::shared_ptr<HapTokenInfoInner> AccessTokenInfoManager::GetHapTokenInfoInner(
     ret = AccessTokenDb::GetInstance().Find(
         AtmDataType::ACCESSTOKEN_PERMISSION_EXTEND_VALUE, conditionValue, extendedPermRes);
     if (ret != RET_SUCCESS) { // extendedPermRes may be empty
-        LOGE(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, "
+        LOGC(ATM_DOMAIN, ATM_TAG, "Failed to find Id(%{public}u) from perm_extend_value_table, err: %{public}d, "
             "mapSize: %{public}zu.", id, ret, hapTokenInfoMap_.size());
         return nullptr;
     }
@@ -305,7 +330,7 @@ std::shared_ptr<HapTokenInfoInner> AccessTokenInfoManager::GetHapTokenInfoInner(
     std::shared_ptr<HapTokenInfoInner> hap = std::make_shared<HapTokenInfoInner>();
     ret = hap->RestoreHapTokenInfo(id, hapTokenResults[0], permStateRes, extendedPermRes);
     if (ret != RET_SUCCESS) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.",
+        LOGC(ATM_DOMAIN, ATM_TAG, "Id %{public}u restore failed, err: %{public}d, mapSize: %{public}zu.",
             id, ret, hapTokenInfoMap_.size());
         return nullptr;
     }
@@ -398,7 +423,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id)
 {
     ATokenTypeEnum type = AccessTokenIDManager::GetInstance().GetTokenIdType(id);
     if (type != TOKEN_HAP) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is not hap.", id);
         return ERR_PARAM_INVALID;
     }
     std::shared_ptr<HapTokenInfoInner> info;
@@ -409,17 +434,17 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id)
         AccessTokenIDManager::GetInstance().ReleaseTokenId(id);
 
         if (hapTokenInfoMap_.count(id) == 0) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id);
+            LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u no exist.", id);
             return ERR_TOKENID_NOT_EXIST;
         }
 
         info = hapTokenInfoMap_[id];
         if (info == nullptr) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id);
+            LOGC(ATM_DOMAIN, ATM_TAG, "Hap token %{public}u is null.", id);
             return ERR_TOKEN_INVALID;
         }
         if (info->IsRemote()) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id);
+            LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not delete.", id);
             return ERR_IDENTITY_CHECK_FAILED;
         }
         std::string HapUniqueKey = GetHapUniqueStr(info);
@@ -429,7 +454,10 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id)
         }
         hapTokenInfoMap_.erase(id);
     }
-    RemoveHapTokenInfoFromDb(info);
+    int32_t ret = RemoveHapTokenInfoFromDb(info);
+    if (ret != RET_SUCCESS) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "Remove info from db failed, ret is %{public}d", ret);
+    }
 
     LOGI(ATM_DOMAIN, ATM_TAG, "Remove hap token %{public}u ok!", id);
     PermissionStateNotify(info, id);
@@ -437,10 +465,6 @@ int AccessTokenInfoManager::RemoveHapTokenInfo(AccessTokenID id)
     TokenModifyNotifier::GetInstance().NotifyTokenDelete(id);
 #endif
 
-    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "DEL_HAP", HiviewDFX::HiSysEvent::EventType::STATISTIC,
-        "TOKENID", info->GetTokenID(), "USERID", info->GetUserID(), "BUNDLENAME", info->GetBundleName(),
-        "INSTINDEX", info->GetInstIndex());
-
     return RET_SUCCESS;
 }
 
@@ -475,7 +499,7 @@ int32_t AccessTokenInfoManager::CheckHapInfoParam(const HapInfoParams& info, con
         (!DataValidator::IsAppIDDescValid(info.appIDDesc)) || (!DataValidator::IsDomainValid(policy.domain)) ||
         (!DataValidator::IsDlpTypeValid(info.dlpType)) || (info.isRestore && info.tokenID == INVALID_TOKENID) ||
          !DataValidator::IsAclExtendedMapSizeValid(policy.aclExtendedMap)) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Hap token param failed");
+        LOGC(ATM_DOMAIN, ATM_TAG, "Hap token param failed");
         return AccessTokenError::ERR_PARAM_INVALID;
     }
 
@@ -484,37 +508,64 @@ int32_t AccessTokenInfoManager::CheckHapInfoParam(const HapInfoParams& info, con
             continue;
         }
         if (!DataValidator::IsAclExtendedMapContentValid(extendValue.first, extendValue.second)) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "acl extended content is unvalid.");
+            LOGC(ATM_DOMAIN, ATM_TAG, "Acl extended content is invalid.");
             return AccessTokenError::ERR_PARAM_INVALID;
         }
     }
     return ERR_OK;
 }
 
-int AccessTokenInfoManager::CreateHapTokenInfo(
-    const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx)
+void AccessTokenInfoManager::ReportAddHapIdChange(const std::shared_ptr<HapTokenInfoInner>& hapInfo,
+    AccessTokenID oriTokenId)
 {
-    if (CheckHapInfoParam(info, policy) != ERR_OK) {
-        return AccessTokenError::ERR_PARAM_INVALID;
-    }
-    AccessTokenID tokenId = info.tokenID;
+    AccessTokenDfxInfo dfxInfo;
+    dfxInfo.sceneCode = AddHapSceneCode::TOKEN_ID_CHANGE;
+    dfxInfo.tokenId = hapInfo->GetTokenID();
+    dfxInfo.oriTokenId = oriTokenId;
+    dfxInfo.userId = hapInfo->GetUserID();
+    dfxInfo.bundleName = hapInfo->GetBundleName();
+    dfxInfo.instIndex = hapInfo->GetInstIndex();
+    ReportSysEventAddHap(dfxInfo);
+}
+
+int32_t AccessTokenInfoManager::RegisterTokenId(const HapInfoParams& info, AccessTokenID& tokenId)
+{
+    int32_t res = RET_SUCCESS;
+
     if (info.isRestore) {
-        LOGI(ATM_DOMAIN, ATM_TAG, "isRestore is true, tokenId is %{public}u", tokenId);
-        int32_t res = AccessTokenIDManager::GetInstance().RegisterTokenId(tokenId, TOKEN_HAP);
+        LOGI(ATM_DOMAIN, ATM_TAG, "IsRestore is true, tokenId is %{public}u.", info.tokenID);
+
+        res = AccessTokenIDManager::GetInstance().RegisterTokenId(info.tokenID, TOKEN_HAP);
         if (res != RET_SUCCESS) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Token Id register failed, res is %{public}d", res);
+            LOGC(ATM_DOMAIN, ATM_TAG, "Token Id register failed, errCode is %{public}d.", res);
             return res;
         }
+
+        tokenId = info.tokenID;
     } else {
         int32_t dlpFlag = (info.dlpType > DLP_COMMON) ? 1 : 0;
         int32_t cloneFlag = ((dlpFlag == 0) && (info.instIndex) > 0) ? 1 : 0;
         tokenId = AccessTokenIDManager::GetInstance().CreateAndRegisterTokenId(TOKEN_HAP, dlpFlag, cloneFlag);
         if (tokenId == 0) {
-            LOGE(ATM_DOMAIN, ATM_TAG, "Token Id create failed");
+            LOGC(ATM_DOMAIN, ATM_TAG, "Token Id create failed");
             return ERR_TOKENID_CREATE_FAILED;
         }
     }
 
+    return res;
+}
+
+int AccessTokenInfoManager::CreateHapTokenInfo(
+    const HapInfoParams& info, const HapPolicy& policy, AccessTokenIDEx& tokenIdEx)
+{
+    if (CheckHapInfoParam(info, policy) != ERR_OK) {
+        return AccessTokenError::ERR_PARAM_INVALID;
+    }
+    AccessTokenID tokenId;
+    int32_t ret = RegisterTokenId(info, tokenId);
+    if (ret != RET_SUCCESS) {
+        return ret;
+    }
 #ifdef SUPPORT_SANDBOX_APP
     std::shared_ptr<HapTokenInfoInner> tokenInfo;
     HapPolicy policyNew = policy;
@@ -525,14 +576,26 @@ int AccessTokenInfoManager::CreateHapTokenInfo(
 #else
     std::shared_ptr<HapTokenInfoInner> tokenInfo = std::make_shared<HapTokenInfoInner>(tokenId, info, policy);
 #endif
-    AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy, false);
-    int ret = AddHapTokenInfo(tokenInfo);
+    ret = AddHapTokenInfoToDb(tokenInfo, info.appIDDesc, policy, false);
+    if (ret != RET_SUCCESS) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "AddHapTokenInfoToDb failed, errCode is %{public}d.", ret);
+        AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
+        return ret;
+    }
+
+    AccessTokenID oriTokenID = 0;
+    ret = AddHapTokenInfo(tokenInfo, oriTokenID);
     if (ret != RET_SUCCESS) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str());
+        LOGC(ATM_DOMAIN, ATM_TAG, "%{public}s add token info failed", info.bundleName.c_str());
         AccessTokenIDManager::GetInstance().ReleaseTokenId(tokenId);
         RemoveHapTokenInfoFromDb(tokenInfo);
         return ret;
     }
+
+    if (oriTokenID != 0) {
+        ReportAddHapIdChange(tokenInfo, oriTokenID);
+    }
+
     LOGI(ATM_DOMAIN, ATM_TAG,
         "Create hap token %{public}u bundleName %{public}s user %{public}d inst %{public}d isRestore %{public}d ok",
         tokenId, tokenInfo->GetBundleName().c_str(), tokenInfo->GetUserID(), tokenInfo->GetInstIndex(), info.isRestore);
@@ -624,17 +687,17 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const
 {
     AccessTokenID tokenID = tokenIdEx.tokenIdExStruct.tokenID;
     if (!DataValidator::IsAppIDDescValid(info.appIDDesc)) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u parm format error!", tokenID);
         return AccessTokenError::ERR_PARAM_INVALID;
     }
     std::shared_ptr<HapTokenInfoInner> infoPtr = GetHapTokenInfoInner(tokenID);
     if (infoPtr == nullptr) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Token %{public}u is invalid, can not update!", tokenID);
         return AccessTokenError::ERR_TOKENID_NOT_EXIST;
     }
 
     if (infoPtr->IsRemote()) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Remote hap token %{public}u can not update!", tokenID);
         return ERR_IDENTITY_CHECK_FAILED;
     }
     if (info.isSystemApp) {
@@ -649,15 +712,12 @@ int32_t AccessTokenInfoManager::UpdateHapToken(AccessTokenIDEx& tokenIdEx, const
 
     int32_t ret = AddHapTokenInfoToDb(infoPtr, info.appIDDesc, hapPolicy, true);
     if (ret != RET_SUCCESS) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "Add hap info %{public}u to db failed!", tokenID);
         return ret;
     }
     LOGI(ATM_DOMAIN, ATM_TAG, "Token %{public}u bundle name %{public}s user %{public}d \
         inst %{public}d tokenAttr %{public}d update ok!", tokenID, infoPtr->GetBundleName().c_str(),
         infoPtr->GetUserID(), infoPtr->GetInstIndex(), infoPtr->GetHapInfoBasic().tokenAttr);
-    // DFX
-    HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_HAP",
-        HiviewDFX::HiSysEvent::EventType::STATISTIC, "TOKENID", tokenID, "USERID",
-        infoPtr->GetUserID(), "BUNDLENAME", infoPtr->GetBundleName(), "INSTINDEX", infoPtr->GetInstIndex());
 
 #ifdef TOKEN_SYNC_ENABLE
     TokenModifyNotifier::GetInstance().NotifyTokenModify(tokenID);
@@ -720,12 +780,21 @@ int AccessTokenInfoManager::CreateRemoteHapTokenInfo(AccessTokenID mapID, HapTok
     std::shared_ptr<HapTokenInfoInner> hap = std::make_shared<HapTokenInfoInner>(mapID, hapSync);
     hap->SetRemote(true);
 
-    int ret = AddHapTokenInfo(hap);
+    AccessTokenID oriTokenId = 0;
+    int ret = AddHapTokenInfo(hap, oriTokenId);
     if (ret != RET_SUCCESS) {
         LOGE(ATM_DOMAIN, ATM_TAG, "Add local token failed.");
         return ret;
     }
 
+    AccessTokenDfxInfo dfxInfo;
+    dfxInfo.sceneCode = AddHapSceneCode::MAP;
+    dfxInfo.tokenId = hap->GetTokenID();
+    dfxInfo.userId = hap->GetUserID();
+    dfxInfo.bundleName = hap->GetBundleName();
+    dfxInfo.instIndex = hap->GetInstIndex();
+    ReportSysEventAddHap(dfxInfo);
+
     return RET_SUCCESS;
 }
 
@@ -955,11 +1024,11 @@ int AccessTokenInfoManager::AddHapTokenInfoToDb(const std::shared_ptr<HapTokenIn
     const std::string& appId, const HapPolicy& policy, bool isUpdate)
 {
     if (hapInfo == nullptr) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Token info is null!");
+        LOGC(ATM_DOMAIN, ATM_TAG, "Token info is null!");
         return AccessTokenError::ERR_TOKENID_NOT_EXIST;
     }
     if (hapInfo->IsRemote()) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "It is a remote hap!");
+        LOGC(ATM_DOMAIN, ATM_TAG, "It is a remote hap!");
         return AccessTokenError::ERR_TOKENID_NOT_EXIST;
     }
     AccessTokenID tokenID = hapInfo->GetTokenID();
@@ -1038,7 +1107,7 @@ int AccessTokenInfoManager::RemoveHapTokenInfoFromDb(const std::shared_ptr<HapTo
     int32_t ret = AccessTokenDb::GetInstance().DeleteAndInsertValues(deleteDataTypes, deleteValues, addDataTypes,
         addValues);
     if (ret != RET_SUCCESS) {
-        LOGE(ATM_DOMAIN, ATM_TAG, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret);
+        LOGC(ATM_DOMAIN, ATM_TAG, "Id %{public}d DeleteAndInsertHap failed, ret %{public}d.", tokenID, ret);
         return ret;
     }
     return RET_SUCCESS;
diff --git a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp
index 7133f2a212e2b86d939df806b961662744c7bb2e..9ccd4ff75cce55256b32bf20da9ad21afcf18e4c 100644
--- a/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp
+++ b/services/accesstokenmanager/main/cpp/src/token/hap_token_info_inner.cpp
@@ -22,6 +22,7 @@
 #include "access_token_error.h"
 #include "data_translator.h"
 #include "data_validator.h"
+#include "hisysevent_adapter.h"
 #include "short_grant_manager.h"
 #include "token_field_const.h"
 #include "permission_map.h"
@@ -208,6 +209,11 @@ int HapTokenInfoInner::GetDlpType() const
     return tokenInfoBasic_.dlpType;
 }
 
+AccessTokenAttr HapTokenInfoInner::GetAttr() const
+{
+    return tokenInfoBasic_.tokenAttr;
+}
+
 std::string HapTokenInfoInner::GetBundleName() const
 {
     return tokenInfoBasic_.bundleName;
@@ -280,6 +286,7 @@ int32_t HapTokenInfoInner::UpdatePermissionStatus(
     int32_t ret = PermissionDataBrief::GetInstance().UpdatePermissionStatus(tokenInfoBasic_.tokenID,
         permissionName, isGranted, flag, statusChanged);
     if (ret != RET_SUCCESS) {
+        LOGC(ATM_DOMAIN, ATM_TAG, "Update date brief failed, ret is %{public}d", ret);
         return ret;
     }
     if (ShortGrantManager::GetInstance().IsShortGrantPermission(permissionName)) {
diff --git a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp
index 783f919fa599fb9caab8e819bf4ebb150b0fa8a3..46229568c81cc19aced1ad9991e34326f56c3ff8 100644
--- a/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp
+++ b/services/accesstokenmanager/test/coverage/permission_manager_coverage_test.cpp
@@ -73,7 +73,11 @@ public:
 
 void PermissionRecordManagerCoverageTest::SetUpTestCase()
 {
-    AccessTokenInfoManager::GetInstance().Init();
+    uint32_t hapSize = 0;
+    uint32_t nativeSize = 0;
+    uint32_t pefDefSize = 0;
+    uint32_t dlpSize = 0;
+    AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
 }
 
 void PermissionRecordManagerCoverageTest::TearDownTestCase() {}
diff --git a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp
index cee98432c9220410833e588e733fe2cee5a40050..5f5a68ab8e480a2d2581e21f355365f0d4ce75c0 100644
--- a/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp
+++ b/services/accesstokenmanager/test/unittest/accesstoken_info_manager_test.cpp
@@ -122,7 +122,11 @@ public:
 
 void AccessTokenInfoManagerTest::SetUpTestCase()
 {
-    AccessTokenInfoManager::GetInstance().Init();
+    uint32_t hapSize = 0;
+    uint32_t nativeSize = 0;
+    uint32_t pefDefSize = 0;
+    uint32_t dlpSize = 0;
+    AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
 }
 
 void AccessTokenInfoManagerTest::TearDownTestCase()
@@ -1493,7 +1497,11 @@ HWTEST_F(AccessTokenInfoManagerTest, DumpTokenInfo007, TestSize.Level1)
 HWTEST_F(AccessTokenInfoManagerTest, AccessTokenInfoManager001, TestSize.Level1)
 {
     AccessTokenInfoManager::GetInstance().hasInited_ = true;
-    AccessTokenInfoManager::GetInstance().Init();
+    uint32_t hapSize = 0;
+    uint32_t nativeSize = 0;
+    uint32_t pefDefSize = 0;
+    uint32_t dlpSize = 0;
+    AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
     AccessTokenInfoManager::GetInstance().hasInited_ = false;
     ASSERT_EQ(false, AccessTokenInfoManager::GetInstance().hasInited_);
 }
@@ -1519,7 +1527,8 @@ HWTEST_F(AccessTokenInfoManagerTest, GetHapUniqueStr001, TestSize.Level1)
 HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenInfo001, TestSize.Level1)
 {
     std::shared_ptr<HapTokenInfoInner> info = nullptr;
-    ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(info));
+    AccessTokenID oriTokenId = 0;
+    ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(info, oriTokenId));
 }
 
 /**
@@ -1546,7 +1555,8 @@ HWTEST_F(AccessTokenInfoManagerTest, AddHapTokenInfo002, TestSize.Level1)
     ASSERT_NE(static_cast<AccessTokenID>(0), tokenId);
 
     std::shared_ptr<HapTokenInfoInner> infoPtr = AccessTokenInfoManager::GetInstance().GetHapTokenInfoInner(tokenId);
-    ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(infoPtr));
+    AccessTokenID oriTokenId = 0;
+    ASSERT_NE(0, AccessTokenInfoManager::GetInstance().AddHapTokenInfo(infoPtr, oriTokenId));
 
     ASSERT_EQ(RET_SUCCESS, AccessTokenInfoManager::GetInstance().RemoveHapTokenInfo(tokenId));
 }
diff --git a/services/common/json_parse/include/json_parse_loader.h b/services/common/json_parse/include/json_parse_loader.h
index 4af857e66afea3381710cfc5c6314910bd6a6238..ec5920f8d013bd1b7c091da18d67ac4b7ec00e28 100644
--- a/services/common/json_parse/include/json_parse_loader.h
+++ b/services/common/json_parse/include/json_parse_loader.h
@@ -32,7 +32,7 @@ struct AccessTokenServiceConfig final {
     std::string grantServiceAbilityName;
     std::string permStateAbilityName;
     std::string globalSwitchAbilityName;
-    int32_t cancleTime = 0;
+    int32_t cancelTime = 0;
     std::string applicationSettingAbilityName;
 };
 
diff --git a/services/common/json_parse/src/json_parse_loader.cpp b/services/common/json_parse/src/json_parse_loader.cpp
index 5819e152734835954a5dee13a298e7b358cbd8de..5b65b087eb7e3c2e87af5f21046e8be28777cb6b 100644
--- a/services/common/json_parse/src/json_parse_loader.cpp
+++ b/services/common/json_parse/src/json_parse_loader.cpp
@@ -178,7 +178,7 @@ bool GetAtCfgFromJson(const CJson* j, AccessTokenServiceConfig& a)
         return false;
     }
 
-    if (!GetIntFromJson(j, TEMP_PERM_CANCLE_TIME_KEY, a.cancleTime)) {
+    if (!GetIntFromJson(j, TEMP_PERM_CANCLE_TIME_KEY, a.cancelTime)) {
         return false;
     }
 
diff --git a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp
index cd02f2da0bcae6cb5ea89da5fee57793b417bc00..b0f6b5f081a40319f017cf9e340199095ff51b81 100644
--- a/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp
+++ b/test/fuzztest/services/accesstoken/deleteremotedevicetokensstub_fuzzer/deleteremotedevicetokensstub_fuzzer.cpp
@@ -58,7 +58,11 @@ namespace OHOS {
         if (enable) {
             AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service");
             SetSelfTokenID(accesstoken);
-            AccessTokenInfoManager::GetInstance().Init();
+            uint32_t hapSize = 0;
+            uint32_t nativeSize = 0;
+            uint32_t pefDefSize = 0;
+            uint32_t dlpSize = 0;
+            AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
         }
         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
         AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd");
diff --git a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp
index 86ef252ac2bf449ecb1906e048655decae7fee26..62a65e07c7472dc312beccd9d756fe6783c16d3a 100644
--- a/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp
+++ b/test/fuzztest/services/accesstoken/deleteremotetokenstub_fuzzer/deleteremotetokenstub_fuzzer.cpp
@@ -62,7 +62,11 @@ namespace OHOS {
         if (enable) {
             AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service");
             SetSelfTokenID(accesstoken);
-            AccessTokenInfoManager::GetInstance().Init();
+            uint32_t hapSize = 0;
+            uint32_t nativeSize = 0;
+            uint32_t pefDefSize = 0;
+            uint32_t dlpSize = 0;
+            AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
         }
         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
         AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd");
diff --git a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp
index 747adab6e8572712cb91c810f0b86561e5d6721b..bfe262fad796ff979432556db9d1fd8642daeb78 100644
--- a/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp
+++ b/test/fuzztest/services/accesstoken/gethaptokeninfofromremotestub_fuzzer/gethaptokeninfofromremotestub_fuzzer.cpp
@@ -57,7 +57,11 @@ namespace OHOS {
         if (enable) {
             AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service");
             SetSelfTokenID(accesstoken);
-            AccessTokenInfoManager::GetInstance().Init();
+            uint32_t hapSize = 0;
+            uint32_t nativeSize = 0;
+            uint32_t pefDefSize = 0;
+            uint32_t dlpSize = 0;
+            AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
         }
         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
         AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd");
diff --git a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp
index 2b823907860ca6d8f828c08702053217b66fbcdb..b07e48177dcac6c813c6fbb220691d6f5259872b 100644
--- a/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp
+++ b/test/fuzztest/services/accesstoken/getremotenativetokenidstub_fuzzer/getremotenativetokenidstub_fuzzer.cpp
@@ -62,7 +62,11 @@ namespace OHOS {
         if (enable) {
             AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service");
             SetSelfTokenID(accesstoken);
-            AccessTokenInfoManager::GetInstance().Init();
+            uint32_t hapSize = 0;
+            uint32_t nativeSize = 0;
+            uint32_t pefDefSize = 0;
+            uint32_t dlpSize = 0;
+            AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
         }
         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
         AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd");
diff --git a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp
index f7f3dff303ea71bdadfe143fec73b69c93f55874..6cd199315765d45c2ad066b8c1d268276739b0cf 100644
--- a/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp
+++ b/test/fuzztest/services/accesstoken/grantpermissionstub_fuzzer/grantpermissionstub_fuzzer.cpp
@@ -75,7 +75,11 @@ namespace OHOS {
             AccessTokenIDEx tokenIdEx = AccessTokenKit::AllocHapToken(g_InfoParms, g_PolicyPrams);
             tokenIdHap = tokenIdEx.tokenIDEx;
             SetSelfTokenID(tokenIdHap);
-            AccessTokenInfoManager::GetInstance().Init();
+            uint32_t hapSize = 0;
+            uint32_t nativeSize = 0;
+            uint32_t pefDefSize = 0;
+            uint32_t dlpSize = 0;
+            AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
         }
         bool enable = ((size % CONSTANTS_NUMBER_TWO) == 0);
         if (enable) {
diff --git a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp
index 8cda4c996b4890eaa1120f6087f36ebc238a9ad0..4cbae9020360e6c49e310af3fe7cc0bab759588e 100644
--- a/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp
+++ b/test/fuzztest/services/accesstoken/setremotehaptokeninfostub_fuzzer/setremotehaptokeninfostub_fuzzer.cpp
@@ -96,7 +96,11 @@ namespace OHOS {
         if (enable) {
             AccessTokenID accesstoken = AccessTokenKit::GetNativeTokenId("token_sync_service");
             SetSelfTokenID(accesstoken);
-            AccessTokenInfoManager::GetInstance().Init();
+            uint32_t hapSize = 0;
+            uint32_t nativeSize = 0;
+            uint32_t pefDefSize = 0;
+            uint32_t dlpSize = 0;
+            AccessTokenInfoManager::GetInstance().Init(hapSize, nativeSize, pefDefSize, dlpSize);
         }
         DelayedSingleton<AccessTokenManagerService>::GetInstance()->OnRemoteRequest(code, datas, reply, option);
         AccessTokenID hdcd = AccessTokenKit::GetNativeTokenId("hdcd");