diff --git a/interfaces/innerkits/accesstoken/test/unittest/EdmPolicyTest/edm_policy_set_test.cpp b/interfaces/innerkits/accesstoken/test/unittest/EdmPolicyTest/edm_policy_set_test.cpp
index a9748cda7c0374357812debaff5c562e72d0e881..dad28610714376e4c6f8c3ec6922bda31436990d 100644
--- a/interfaces/innerkits/accesstoken/test/unittest/EdmPolicyTest/edm_policy_set_test.cpp
+++ b/interfaces/innerkits/accesstoken/test/unittest/EdmPolicyTest/edm_policy_set_test.cpp
@@ -657,26 +657,20 @@ HWTEST_F(EdmPolicySetTest, SetPermissionStatusWithPolicy001, TestSize.Level0)
     uint64_t selfTokenId = GetSelfTokenID();
     ASSERT_EQ(PERMISSION_GRANTED, AccessTokenKit::VerifyAccessToken(selfTokenId, MANAGE_EDM_POLICY, false));
 
+    uint32_t flag = 0;
     std::vector<std::string> permList = {MICROPHONE, CUSTOM_SCREEN_CAPTURE};
     std::vector<PermissionState> stateList = {PERMISSION_GRANTED, PERMISSION_DENIED};
     for (auto status : stateList) {
         GTEST_LOG_(INFO) << "SetPermissionStatusWithPolicy001 status: " << status;
         EXPECT_EQ(RET_SUCCESS,
-            AccessTokenKit::SetPermissionStatusWithPolicy(tokenID, permList, status, PERMISSION_FIXED_BY_ADMIN_POLICY));
+        AccessTokenKit::SetPermissionStatusWithPolicy(tokenID, permList, status, PERMISSION_FIXED_BY_ADMIN_POLICY));
         std::vector<PermissionListState> permsList;
         for (auto perm : permList) {
             GTEST_LOG_(INFO) << "SetPermissionStatusWithPolicy001 check perm: " << perm;
             EXPECT_EQ(status, AccessTokenKit::VerifyAccessToken(tokenID, perm, false));
-            permsList.push_back({perm, FORBIDDEN_OPER});
+            EXPECT_EQ(RET_SUCCESS, AccessTokenKit::GetPermissionFlag(tokenID, perm, flag));
+            EXPECT_EQ(PERMISSION_FIXED_BY_ADMIN_POLICY, flag);
         }
-        SetSelfTokenID(tokenID);
-        PermissionGrantInfo info;
-        EXPECT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info));
-        EXPECT_EQ(status == PERMISSION_GRANTED ? PASS_OPER : INVALID_OPER, permsList[0].state);
-        EXPECT_EQ(status == PERMISSION_GRANTED ? REQ_SUCCESS : FIXED_BY_POLICY, permsList[0].errorReason);
-        EXPECT_EQ(status == PERMISSION_GRANTED ? PASS_OPER : INVALID_OPER, permsList[1].state);
-        EXPECT_EQ(status == PERMISSION_GRANTED ? REQ_SUCCESS : FIXED_BY_POLICY, permsList[1].errorReason);
-        SetSelfTokenID(selfTokenId);
     }
 
     EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
@@ -864,10 +858,12 @@ HWTEST_F(EdmPolicySetTest, SetPermissionStatusWithPolicy007, TestSize.Level0)
 
     std::vector<std::string> permList = {MICROPHONE, CUSTOM_SCREEN_CAPTURE};
     uint32_t ret = RET_SUCCESS;
+    int32_t selfUid = getuid();
+    setuid(10001);
     ret = AccessTokenKit::SetPermissionStatusWithPolicy(
         tokenID, permList, PERMISSION_GRANTED, PERMISSION_FIXED_BY_ADMIN_POLICY);
     EXPECT_EQ(ERR_PERMISSION_DENIED, ret);
-
+    setuid(selfUid);
     EXPECT_EQ(RET_SUCCESS, TestCommon::DeleteTestHapToken(tokenID));
 }
 
@@ -1124,12 +1120,12 @@ HWTEST_F(EdmPolicySetTest, EdmTestGetSelfPermissionsState001, TestSize.Level0)
     EXPECT_EQ(PERMISSION_FIXED_BY_ADMIN_POLICY, flag);
     EXPECT_EQ(PERMISSION_DENIED, AccessTokenKit::VerifyAccessToken(tokenID, CUSTOM_SCREEN_CAPTURE, false));
 
-    // 2. get permission state is INVALID_OPER.
+    // 2. get permission state is FORBIDDEN_OPER.
     std::vector<PermissionListState> permsList = {{CUSTOM_SCREEN_CAPTURE}};
     PermissionGrantInfo info;
     SetSelfTokenID(tokenID);
-    EXPECT_EQ(PASS_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info));
-    EXPECT_EQ(INVALID_OPER, permsList[0].state);
+    EXPECT_EQ(FORBIDDEN_OPER, AccessTokenKit::GetSelfPermissionsState(permsList, info));
+    EXPECT_EQ(FORBIDDEN_OPER, permsList[0].state);
     SetSelfTokenID(selfTokenId);
 
     // 3. set flag is PERMISSION_ADMIN_POLICIES_CANCEL.
diff --git a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
index f366a9568de8ddfb56be8188c8fcafed5f13c361..ffad5fda2fb8cf26e3d8798c829831f0b2a1dbef 100644
--- a/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
+++ b/services/accesstokenmanager/main/cpp/include/service/accesstoken_manager_service.h
@@ -142,6 +142,7 @@ private:
     void GetConfigValue(uint32_t& parseConfigFlag);
     bool Initialize();
     void AccessTokenServiceParamSet() const;
+    bool isLocationPermSpecialHandle(std::string permissionName, int32_t apiVersion);
     PermissionOper GetPermissionsState(AccessTokenID tokenID, std::vector<PermissionListStateParcel>& reqPermList);
     int32_t UpdateHapTokenCore(AccessTokenIDEx& tokenIdEx, const UpdateHapInfoParams& info,
         const HapPolicyParcel& policyParcel, HapInfoCheckResultIdl& resultInfoIdl);
diff --git a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
index 0a639ff588c0edb7187bdf906005cf75833e8918..45c054d7467f7dbfc534ac51c46eb43a32f46037 100644
--- a/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
+++ b/services/accesstokenmanager/main/cpp/src/permission/permission_manager.cpp
@@ -210,7 +210,7 @@ static bool IsPermissionRestrictedByRules(const std::string& permission)
 bool PermissionManager::HandlePermissionDeniedCase(uint32_t goalGrantFlag, PermissionListState& permState)
 {
     if ((goalGrantFlag & PERMISSION_FIXED_BY_ADMIN_POLICY) != 0) {
-        permState.state = INVALID_OPER;
+        permState.state = FORBIDDEN_OPER;
         permState.errorReason = FIXED_BY_POLICY;
         return true;
     }
@@ -422,7 +422,7 @@ int32_t PermissionManager::UpdateMultiTokenPermissionState(const std::shared_ptr
     AccessTokenInfoManager::GetInstance().GetHapTokenInfo(tokenID, hapInfo);
     ClearThreadErrorMsg();
 
-    uint32_t ret = RET_SUCCESS;
+    int32_t ret = RET_SUCCESS;
     bool isHadSuccess = false;
     for (const std::string &permissionName : permissionList) {
         HiSysEventWrite(HiviewDFX::HiSysEvent::Domain::ACCESS_TOKEN, "UPDATE_PERMISSION",
diff --git a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
index ff8b9519bf44f132cd8fe6f93c2ae60df7c134e9..00bc8b3e35b2e87978a2965f99c29158a735e6af 100644
--- a/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
+++ b/services/accesstokenmanager/main/cpp/src/service/accesstoken_manager_service.cpp
@@ -342,6 +342,14 @@ static bool GetAppReqPermissions(AccessTokenID tokenID, std::vector<PermissionSt
     return true;
 }
 
+bool AccessTokenManagerService::isLocationPermSpecialHandle(std::string permissionName, int32_t apiVersion)
+{
+    return ((permissionName == VAGUE_LOCATION_PERMISSION_NAME) ||
+            (permissionName == ACCURATE_LOCATION_PERMISSION_NAME) ||
+            (permissionName == BACKGROUND_LOCATION_PERMISSION_NAME)) &&
+        (apiVersion >= ACCURATE_LOCATION_API_VERSION);
+}
+
 PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID tokenID,
     std::vector<PermissionListStateParcel>& reqPermList)
 {
@@ -353,6 +361,7 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke
     LOGI(ATM_DOMAIN, ATM_TAG, "TokenID: %{public}d, apiVersion: %{public}d", tokenID, apiVersion);
 
     bool needRes = false;
+    bool fixedByPolicyRes = false;
     std::vector<PermissionStatus> permsList;
     if (!GetAppReqPermissions(tokenID, permsList)) {
         return INVALID_OPER;
@@ -367,10 +376,7 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke
     uint32_t size = reqPermList.size();
     for (uint32_t i = 0; i < size; i++) {
         // api9 location permission special handle above
-        if (((reqPermList[i].permsState.permissionName == VAGUE_LOCATION_PERMISSION_NAME) ||
-            (reqPermList[i].permsState.permissionName == ACCURATE_LOCATION_PERMISSION_NAME) ||
-            (reqPermList[i].permsState.permissionName == BACKGROUND_LOCATION_PERMISSION_NAME)) &&
-            (apiVersion >= ACCURATE_LOCATION_API_VERSION)) {
+        if (isLocationPermSpecialHandle(reqPermList[i].permsState.permissionName, apiVersion)) {
             continue;
         }
 
@@ -378,6 +384,9 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke
         if (static_cast<PermissionOper>(reqPermList[i].permsState.state) == DYNAMIC_OPER) {
             needRes = true;
         }
+        if (static_cast<PermissionOper>(reqPermList[i].permsState.state) == FORBIDDEN_OPER) {
+            fixedByPolicyRes = true;
+        }
         LOGD(ATM_DOMAIN, ATM_TAG, "Perm: %{public}s, state: %{public}d",
             reqPermList[i].permsState.permissionName.c_str(), reqPermList[i].permsState.state);
     }
@@ -395,6 +404,9 @@ PermissionOper AccessTokenManagerService::GetPermissionsState(AccessTokenID toke
     if (needRes) {
         return DYNAMIC_OPER;
     }
+    if (fixedByPolicyRes) {
+        return FORBIDDEN_OPER;
+    }
     return PASS_OPER;
 }
 
diff --git a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp
index 8efa635e2305fb00480fa9bc5b91f35856e2732e..8ffef6e49da635b12a83f6779ff7edbd3fe18f15 100644
--- a/services/accesstokenmanager/test/unittest/permission_manager_test.cpp
+++ b/services/accesstokenmanager/test/unittest/permission_manager_test.cpp
@@ -617,7 +617,7 @@ HWTEST_F(PermissionManagerTest, GetSelfPermissionState004, TestSize.Level0)
     int32_t apiVersion = ACCURATE_LOCATION_API_VERSION;
 
     PermissionManager::GetInstance().GetSelfPermissionState(permsList1, permState1, apiVersion);
-    ASSERT_EQ(PermissionOper::INVALID_OPER, permState1.state);
+    ASSERT_EQ(PermissionOper::FORBIDDEN_OPER, permState1.state);
 
     std::vector<PermissionStatus> permsList2;
     permsList2.emplace_back(g_permState11);