diff --git a/test/fuzztest/access_token/BUILD.gn b/test/fuzztest/access_token/BUILD.gn
index 69dee3310fe31a1f5c212738a3bae3d5f595e3a8..90aa611346b0cefb8da558031670f66f80a4ae6e 100644
--- a/test/fuzztest/access_token/BUILD.gn
+++ b/test/fuzztest/access_token/BUILD.gn
@@ -30,12 +30,16 @@ group("fuzztest") {
     "gethaptokeninfo_fuzzer:GetHapTokenInfoFuzzTest",
     "getnativetokeninfo_fuzzer:GetNativeTokenInfoFuzzTest",
     "getpermissionflags_fuzzer:GetPermissionFlagsFuzzTest",
+    "getreqpermissions_fuzzer:GetReqPermissionsFuzzTest",
+    "getselfpermissionsstate_fuzzer:GetSelfPermissionsStateFuzzTest",
     "gettokentype_fuzzer:GetTokenTypeFuzzTest",
     "gettokentypeflag_fuzzer:GetTokenTypeFlagFuzzTest",
     "grantpermission_fuzzer:GrantPermissionFuzzTest",
+    "registerpermstatechangecallback_fuzzer:RegisterPermStateChangeCallbackFuzzTest",
     "revokeusergrantedpermission_fuzzer:RevokeUserGrantedPermissionFuzzTest",
     "setremotehaptokeninfo_fuzzer:SetRemoteHapTokenInfoFuzzTest",
     "setremotenativetokeninfo_fuzzer:SetRemoteNativeTokenInfoFuzzTest",
+    "unregisterpermstatechangecallback_fuzzer:UnRegisterPermStateChangeCallbackFuzzTest",
     "updatehaptoken_fuzzer:UpdateHapTokenFuzzTest",
     "verifyaccesstoken001_fuzzer:VerifyAccessToken001FuzzTest",
     "verifyaccesstoken_fuzzer:VerifyAccessTokenFuzzTest",
diff --git a/test/fuzztest/access_token/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp b/test/fuzztest/access_token/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp
index 7a834474d955d777be7ba9637a2bdd5682ceca28..0f21d32ded7400c1a69efafcb63b3c598ea93d68 100644
--- a/test/fuzztest/access_token/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp
+++ b/test/fuzztest/access_token/alloclocaltokenid_fuzzer/alloclocaltokenid_fuzzer.cpp
@@ -28,6 +28,9 @@ namespace OHOS {
     bool AllocLocalTokenIDFuzzTest(const uint8_t* data, size_t size)
     {
         AccessTokenID TOKENID = 0;
+        if ((data == nullptr) || (size <= 0)) {
+            return TOKENID != 0;
+        }
         if (size > 0) {
             std::string testName(reinterpret_cast<const char*>(data), size);
             AccessTokenID REMOTETOKENID = static_cast<AccessTokenID>(size);
diff --git a/test/fuzztest/access_token/checknativedcap_fuzzer/checknativedcap_fuzzer.cpp b/test/fuzztest/access_token/checknativedcap_fuzzer/checknativedcap_fuzzer.cpp
index f3403797a977cf26c2ee34ea7f7684a93999700f..7d65ab11ec08e214eaea88d69176a9339848f156 100644
--- a/test/fuzztest/access_token/checknativedcap_fuzzer/checknativedcap_fuzzer.cpp
+++ b/test/fuzztest/access_token/checknativedcap_fuzzer/checknativedcap_fuzzer.cpp
@@ -27,16 +27,16 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool CheckNativeDCapFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             std::string testName(reinterpret_cast<const char*>(data), size);
             result = AccessTokenKit::CheckNativeDCap(TOKENID, testName);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/clearusergrantedpermissionstate_fuzzer/clearusergrantedpermissionstate_fuzzer.cpp b/test/fuzztest/access_token/clearusergrantedpermissionstate_fuzzer/clearusergrantedpermissionstate_fuzzer.cpp
index 18f55fbd262993a1389e19297175a8f8de7cfa73..f73dbb1dc344165e693d4e3dc1e977f823d2d073 100644
--- a/test/fuzztest/access_token/clearusergrantedpermissionstate_fuzzer/clearusergrantedpermissionstate_fuzzer.cpp
+++ b/test/fuzztest/access_token/clearusergrantedpermissionstate_fuzzer/clearusergrantedpermissionstate_fuzzer.cpp
@@ -27,15 +27,15 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool ClearUserGrantedPermissionStateFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             result = AccessTokenKit::ClearUserGrantedPermissionState(TOKENID);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp b/test/fuzztest/access_token/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp
index e3960666a535dfbeb9b58b936309c0000dbfb1b9..19cf2b43bc87531375cb2ed19da70b84bf43ae0e 100644
--- a/test/fuzztest/access_token/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp
+++ b/test/fuzztest/access_token/deleteremotedevicetokens_fuzzer/deleteremotedevicetokens_fuzzer.cpp
@@ -28,12 +28,12 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool DeleteRemoteDeviceTokensFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
 
 #ifdef TOKEN_SYNC_ENABLE
 
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             std::string testName(reinterpret_cast<const char*>(data), size);
@@ -42,7 +42,7 @@ namespace OHOS {
         
 #endif
 
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp b/test/fuzztest/access_token/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp
index d422a42a5d0248c7510ba8c8f4af5fe9db86f281..2a86939976145cc9958421e372714d4a4ad4c49c 100644
--- a/test/fuzztest/access_token/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp
+++ b/test/fuzztest/access_token/deleteremotetoken_fuzzer/deleteremotetoken_fuzzer.cpp
@@ -27,12 +27,12 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool DeleteRemoteTokenFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
 
 #ifdef TOKEN_SYNC_ENABLE
 
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
@@ -42,7 +42,7 @@ namespace OHOS {
 
 #endif
 
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/deletetoken_fuzzer/deletetoken_fuzzer.cpp b/test/fuzztest/access_token/deletetoken_fuzzer/deletetoken_fuzzer.cpp
index 93cd4c843549dcad49abf15d9631e1d4f9efec15..ee3a696fb8e60f5b31549a180e9d7ee79a0cab46 100644
--- a/test/fuzztest/access_token/deletetoken_fuzzer/deletetoken_fuzzer.cpp
+++ b/test/fuzztest/access_token/deletetoken_fuzzer/deletetoken_fuzzer.cpp
@@ -27,15 +27,15 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool DeleteTokenFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             result = AccessTokenKit::DeleteToken(TOKENID);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp b/test/fuzztest/access_token/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp
index 558976a63cabf1d8f740a42d6c991f8c896441a0..d766eb37d6f9bd0fed9afacd6cd7a9de92d2c7ae 100644
--- a/test/fuzztest/access_token/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp
+++ b/test/fuzztest/access_token/getdefpermission_fuzzer/getdefpermission_fuzzer.cpp
@@ -29,9 +29,9 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetDefPermissionFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             std::string testName(reinterpret_cast<const char*>(data), size);
@@ -47,7 +47,7 @@ namespace OHOS {
             };
             result = AccessTokenKit::GetDefPermission(testName, PERMISSIONDEF);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/getdefpermissions_fuzzer/getdefpermissions_fuzzer.cpp b/test/fuzztest/access_token/getdefpermissions_fuzzer/getdefpermissions_fuzzer.cpp
index bc3dbd70691f8ad4ed86c93d598400bff1c233a1..a9e58fe35abf987b52b80cec0e3d230754c41c07 100644
--- a/test/fuzztest/access_token/getdefpermissions_fuzzer/getdefpermissions_fuzzer.cpp
+++ b/test/fuzztest/access_token/getdefpermissions_fuzzer/getdefpermissions_fuzzer.cpp
@@ -27,16 +27,16 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetDefPermissionsFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             std::vector<PermissionDef> permDefList;
             result = AccessTokenKit::GetDefPermissions(TOKENID, permDefList);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp b/test/fuzztest/access_token/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp
index de19c977837bfed0d2c8e8001610588872eb7d9e..9cce5f3c0c444fbd10bdf14dd9d2c1e515e58b8e 100644
--- a/test/fuzztest/access_token/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp
+++ b/test/fuzztest/access_token/gethaptokenid_fuzzer/gethaptokenid_fuzzer.cpp
@@ -25,9 +25,9 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetHapTokenIDFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size >= 0) {
             int userID = static_cast<int>(size);
@@ -36,7 +36,7 @@ namespace OHOS {
             result = AccessTokenKit::GetHapTokenID(userID, testName, instIndex);
 
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/gethaptokeninfo_fuzzer/gethaptokeninfo_fuzzer.cpp b/test/fuzztest/access_token/gethaptokeninfo_fuzzer/gethaptokeninfo_fuzzer.cpp
index 1bb724453afa8c3c75483b19daff6221dc060dc6..ba3cef61994a8b969fe81304b49c88d8a929df29 100644
--- a/test/fuzztest/access_token/gethaptokeninfo_fuzzer/gethaptokeninfo_fuzzer.cpp
+++ b/test/fuzztest/access_token/gethaptokeninfo_fuzzer/gethaptokeninfo_fuzzer.cpp
@@ -25,9 +25,9 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetHapTokenInfoFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             int num = static_cast<int>(size);
@@ -47,7 +47,7 @@ namespace OHOS {
             };
             result = AccessTokenKit::GetHapTokenInfo(TOKENID, HapTokenInfotest);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/getnativetokeninfo_fuzzer/getnativetokeninfo_fuzzer.cpp b/test/fuzztest/access_token/getnativetokeninfo_fuzzer/getnativetokeninfo_fuzzer.cpp
index 4dd6305e13793020aa0f91b490089941650474d8..50f4684e6fc3585deedb338f89a482eaad39b00e 100644
--- a/test/fuzztest/access_token/getnativetokeninfo_fuzzer/getnativetokeninfo_fuzzer.cpp
+++ b/test/fuzztest/access_token/getnativetokeninfo_fuzzer/getnativetokeninfo_fuzzer.cpp
@@ -28,9 +28,9 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetNativeTokenInfoFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
@@ -38,7 +38,7 @@ namespace OHOS {
             NativeTokenInfo NativeTokenInfotest;
             result = AccessTokenKit::GetNativeTokenInfo(TOKENID, NativeTokenInfotest);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp b/test/fuzztest/access_token/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp
index 644f266153bcfdbf889ed700b16aa0773f1932bc..7655648d0b976c3ab184b2be65ca1327eaf9ca34 100644
--- a/test/fuzztest/access_token/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp
+++ b/test/fuzztest/access_token/getpermissionflags_fuzzer/getpermissionflags_fuzzer.cpp
@@ -27,16 +27,16 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetPermissionFlagsFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             std::string testName(reinterpret_cast<const char*>(data), size);
             result = AccessTokenKit::GetPermissionFlag(TOKENID, testName);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/getreqpermissions_fuzzer/BUILD.gn b/test/fuzztest/access_token/getreqpermissions_fuzzer/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..a5862a8c48e5d8b6bb0d8402c9223400da42aa53
--- /dev/null
+++ b/test/fuzztest/access_token/getreqpermissions_fuzzer/BUILD.gn
@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+
+module_output_path = "access_token/access_token"
+
+ohos_fuzztest("GetReqPermissionsFuzzTest") {
+  module_out_path = module_output_path
+  fuzz_config_file = "//base/security/access_token/test/fuzztest/access_token/getreqpermissions_fuzzer"
+
+  include_dirs = [
+    "//commonlibrary/c_utils/base/include",
+    "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "getreqpermissions_fuzzer.cpp" ]
+  deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ]
+
+  configs = [ "//base/security/access_token/config:coverage_flags" ]
+
+  external_deps = [
+    "c_utils:utils",
+    "hiviewdfx_hilog_native:libhilog",
+  ]
+}
diff --git a/test/fuzztest/access_token/getreqpermissions_fuzzer/corpus/init b/test/fuzztest/access_token/getreqpermissions_fuzzer/corpus/init
new file mode 100644
index 0000000000000000000000000000000000000000..1b910144fb1ff33a40a44b1d2a491b1ab05b598b
--- /dev/null
+++ b/test/fuzztest/access_token/getreqpermissions_fuzzer/corpus/init
@@ -0,0 +1,13 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/access_token/getreqpermissions_fuzzer/getreqpermissions_fuzzer.cpp b/test/fuzztest/access_token/getreqpermissions_fuzzer/getreqpermissions_fuzzer.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..8972ecd9fc4bbb52e46e4c3019905593a196841a
--- /dev/null
+++ b/test/fuzztest/access_token/getreqpermissions_fuzzer/getreqpermissions_fuzzer.cpp
@@ -0,0 +1,48 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "getreqpermissions_fuzzer.h"
+
+#include <string>
+#include <vector>
+#include <thread>
+#undef private
+#include "accesstoken_kit.h"
+
+using namespace OHOS::Security::AccessToken;
+
+namespace OHOS {
+    bool GetReqPermissionsFuzzTest(const uint8_t* data, size_t size)
+    {
+        int32_t result = RET_FAILED;
+        if ((data == nullptr) || (size <= 0)) {
+            return result != RET_FAILED;
+        }
+        if (size > 0) {
+            AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
+            std::vector<PermissionStateFull> permStatSystemList;
+            result = AccessTokenKit::GetReqPermissions(TOKENID, permStatSystemList, true);
+        }
+        return result == RET_SUCCESS;
+    }
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::GetReqPermissionsFuzzTest(data, size);
+    return 0;
+}
diff --git a/test/fuzztest/access_token/getreqpermissions_fuzzer/getreqpermissions_fuzzer.h b/test/fuzztest/access_token/getreqpermissions_fuzzer/getreqpermissions_fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..08ac0746b97ce6dc4c9f52c398de5be9c16b7e92
--- /dev/null
+++ b/test/fuzztest/access_token/getreqpermissions_fuzzer/getreqpermissions_fuzzer.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_FUZZTEST_GETREQPERMISSIONS_FUZZER_H
+#define TEST_FUZZTEST_GETREQPERMISSIONS_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "getreqpermissions_fuzzer"
+
+#include <climits>
+#include <cstdlib>
+#include <cstdint>
+#include <cstdio>
+#include <fcntl.h>
+#include <unistd.h>
+
+#endif // TEST_FUZZTEST_GETREQPERMISSIONS_FUZZER_H
\ No newline at end of file
diff --git a/test/fuzztest/access_token/getreqpermissions_fuzzer/project.xml b/test/fuzztest/access_token/getreqpermissions_fuzzer/project.xml
new file mode 100644
index 0000000000000000000000000000000000000000..6e8ad2cfde8f8bda4beb6cabbe7efd8bc3c54eec
--- /dev/null
+++ b/test/fuzztest/access_token/getreqpermissions_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/BUILD.gn b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..4fc804a0e04899f0b5512902d9c6021fc51c10f8
--- /dev/null
+++ b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/BUILD.gn
@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+
+module_output_path = "access_token/access_token"
+
+ohos_fuzztest("GetSelfPermissionsStateFuzzTest") {
+  module_out_path = module_output_path
+  fuzz_config_file = "//base/security/access_token/test/fuzztest/access_token/getselfpermissionsstate_fuzzer"
+
+  include_dirs = [
+    "//commonlibrary/c_utils/base/include",
+    "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "getselfpermissionsstate_fuzzer.cpp" ]
+  deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ]
+
+  configs = [ "//base/security/access_token/config:coverage_flags" ]
+
+  external_deps = [
+    "c_utils:utils",
+    "hiviewdfx_hilog_native:libhilog",
+  ]
+}
diff --git a/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/corpus/init b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/corpus/init
new file mode 100644
index 0000000000000000000000000000000000000000..1b910144fb1ff33a40a44b1d2a491b1ab05b598b
--- /dev/null
+++ b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/corpus/init
@@ -0,0 +1,13 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.cpp b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..3d158e62256edcf1071246c1481555ad4ab20bad
--- /dev/null
+++ b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.cpp
@@ -0,0 +1,54 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "getselfpermissionsstate_fuzzer.h"
+
+#include <string>
+#include <vector>
+#include <thread>
+#undef private
+#include "accesstoken_kit.h"
+
+using namespace std;
+using namespace OHOS::Security::AccessToken;
+
+namespace OHOS {
+    bool GetSelfPermissionsStateFuzzTest(const uint8_t* data, size_t size)
+    {
+        int32_t result = RET_FAILED;
+        if ((data == nullptr) || (size <= 0)) {
+            return result != RET_FAILED;
+        }
+        if (size > 0) {
+            std::vector<PermissionListState> permsList1;
+            std::string testName(reinterpret_cast<const char*>(data), size);
+            PermissionListState perm1 = {
+                .permissionName = testName,
+                .state = -1,
+            };
+            permsList1.emplace_back(perm1);
+            result = AccessTokenKit::GetSelfPermissionsState(permsList1);
+        }
+        return result == RET_SUCCESS;
+    }
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::GetSelfPermissionsStateFuzzTest(data, size);
+    return 0;
+}
diff --git a/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.h b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..55e56689292c96b1bcf9ba7460cdfe64ac4bbe0f
--- /dev/null
+++ b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/getselfpermissionsstate_fuzzer.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_FUZZTEST_GETSELFPERMISSIONSSTATE_FUZZER_H
+#define TEST_FUZZTEST_GETSELFPERMISSIONSSTATE_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "getselfpermissionsstate_fuzzer"
+
+#include <climits>
+#include <cstdlib>
+#include <cstdint>
+#include <cstdio>
+#include <fcntl.h>
+#include <unistd.h>
+
+#endif // TEST_FUZZTEST_GETSELFPERMISSIONSSTATE_FUZZER_H
\ No newline at end of file
diff --git a/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/project.xml b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/project.xml
new file mode 100644
index 0000000000000000000000000000000000000000..6e8ad2cfde8f8bda4beb6cabbe7efd8bc3c54eec
--- /dev/null
+++ b/test/fuzztest/access_token/getselfpermissionsstate_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/access_token/gettokentype_fuzzer/gettokentype_fuzzer.cpp b/test/fuzztest/access_token/gettokentype_fuzzer/gettokentype_fuzzer.cpp
index dffc609e95577bb26e26d2a3157dfd447d57aff1..fe290dfa59ce15138f68bbeaa7e0faec00b59e38 100644
--- a/test/fuzztest/access_token/gettokentype_fuzzer/gettokentype_fuzzer.cpp
+++ b/test/fuzztest/access_token/gettokentype_fuzzer/gettokentype_fuzzer.cpp
@@ -24,17 +24,17 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetTokenTypeFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         ATokenTypeEnum ATokenType;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             ATokenType = AccessTokenKit::GetTokenType(TOKENID);
             result = true;
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/gettokentypeflag_fuzzer/gettokentypeflag_fuzzer.cpp b/test/fuzztest/access_token/gettokentypeflag_fuzzer/gettokentypeflag_fuzzer.cpp
index ce7732073416d8972c82dc70c250e8454b96fdc0..c6a7de769504ae6b215e16cc8307abb1e15536da 100644
--- a/test/fuzztest/access_token/gettokentypeflag_fuzzer/gettokentypeflag_fuzzer.cpp
+++ b/test/fuzztest/access_token/gettokentypeflag_fuzzer/gettokentypeflag_fuzzer.cpp
@@ -24,15 +24,15 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GetTokenTypeFlagFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             result = AccessTokenKit::GetTokenTypeFlag(TOKENID);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/grantpermission_fuzzer/grantpermission_fuzzer.cpp b/test/fuzztest/access_token/grantpermission_fuzzer/grantpermission_fuzzer.cpp
index c0ededf133a9fdfc08b26beabf013fdfe38c3551..93077a6418e734168f239f7bebc38fac9d24a1d5 100644
--- a/test/fuzztest/access_token/grantpermission_fuzzer/grantpermission_fuzzer.cpp
+++ b/test/fuzztest/access_token/grantpermission_fuzzer/grantpermission_fuzzer.cpp
@@ -27,16 +27,16 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool GrantPermissionFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             std::string testName(reinterpret_cast<const char*>(data), size);
             result = AccessTokenKit::GrantPermission(TOKENID, testName, 0);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/BUILD.gn b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..63f29ee5fd62385905e1140932660a67c4f0206d
--- /dev/null
+++ b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/BUILD.gn
@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+
+module_output_path = "access_token/access_token"
+
+ohos_fuzztest("RegisterPermStateChangeCallbackFuzzTest") {
+  module_out_path = module_output_path
+  fuzz_config_file = "//base/security/access_token/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer"
+
+  include_dirs = [
+    "//commonlibrary/c_utils/base/include",
+    "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "registerpermstatechangecallback_fuzzer.cpp" ]
+  deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ]
+
+  configs = [ "//base/security/access_token/config:coverage_flags" ]
+
+  external_deps = [
+    "c_utils:utils",
+    "hiviewdfx_hilog_native:libhilog",
+  ]
+}
diff --git a/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/corpus/init b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/corpus/init
new file mode 100644
index 0000000000000000000000000000000000000000..1b910144fb1ff33a40a44b1d2a491b1ab05b598b
--- /dev/null
+++ b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/corpus/init
@@ -0,0 +1,13 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/project.xml b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/project.xml
new file mode 100644
index 0000000000000000000000000000000000000000..6e8ad2cfde8f8bda4beb6cabbe7efd8bc3c54eec
--- /dev/null
+++ b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/registerpermstatechangecallback_fuzzer.cpp b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/registerpermstatechangecallback_fuzzer.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..091e593449a020145fe8ad77e5a46da85e57789a
--- /dev/null
+++ b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/registerpermstatechangecallback_fuzzer.cpp
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "registerpermstatechangecallback_fuzzer.h"
+
+#include <string>
+#include <vector>
+#include <thread>
+#undef private
+#include "accesstoken_kit.h"
+
+using namespace std;
+using namespace OHOS::Security::AccessToken;
+
+class CbCustomizeTest : public PermStateChangeCallbackCustomize {
+public:
+    explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo)
+        : PermStateChangeCallbackCustomize(scopeInfo)
+    {
+    }
+
+    ~CbCustomizeTest()
+    {}
+
+    virtual void PermStateChangeCallback(PermStateChangeInfo& result)
+    {
+        ready_ = true;
+    }
+
+    bool ready_;
+};
+
+namespace OHOS {
+    bool RegisterPermStateChangeCallbackFuzzTest(const uint8_t* data, size_t size)
+    {
+        int32_t result = RET_FAILED;
+        if ((data == nullptr) || (size <= 0)) {
+            return result != RET_FAILED;
+        }
+        if (size > 0) {
+            PermStateChangeScope scopeInfo;
+            std::string testName(reinterpret_cast<const char*>(data), size);
+            AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
+            scopeInfo.permList = { testName };
+            scopeInfo.tokenIDs = { TOKENID };
+            auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo);
+            result = AccessTokenKit::RegisterPermStateChangeCallback(callbackPtr);
+        }
+        return result == RET_SUCCESS;
+    }
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::RegisterPermStateChangeCallbackFuzzTest(data, size);
+    return 0;
+}
diff --git a/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/registerpermstatechangecallback_fuzzer.h b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/registerpermstatechangecallback_fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..e1e8912fabe4da5e6c91cf6872eff829e5b07dfe
--- /dev/null
+++ b/test/fuzztest/access_token/registerpermstatechangecallback_fuzzer/registerpermstatechangecallback_fuzzer.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_FUZZTEST_REGISTERPERMSTATECHANGECALLBACK_FUZZER_H
+#define TEST_FUZZTEST_REGISTERPERMSTATECHANGECALLBACK_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "registerpermstatechangecallback_fuzzer"
+
+#include <climits>
+#include <cstdlib>
+#include <cstdint>
+#include <cstdio>
+#include <fcntl.h>
+#include <unistd.h>
+
+#endif // TEST_FUZZTEST_REGISTERPERMSTATECHANGECALLBACK_FUZZER_H
\ No newline at end of file
diff --git a/test/fuzztest/access_token/revokeusergrantedpermission_fuzzer/revokeusergrantedpermission_fuzzer.cpp b/test/fuzztest/access_token/revokeusergrantedpermission_fuzzer/revokeusergrantedpermission_fuzzer.cpp
index 7dcc443c7815703d9af3b52e54475cc07de9cd3d..91378ce7fa8f61ba4f1831d02704b06cd4827488 100644
--- a/test/fuzztest/access_token/revokeusergrantedpermission_fuzzer/revokeusergrantedpermission_fuzzer.cpp
+++ b/test/fuzztest/access_token/revokeusergrantedpermission_fuzzer/revokeusergrantedpermission_fuzzer.cpp
@@ -27,16 +27,16 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool RevokeUserGrantedPermissionFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             std::string testName(reinterpret_cast<const char*>(data), size);
             result = AccessTokenKit::RevokePermission(TOKENID, testName, 0);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/setremotehaptokeninfo_fuzzer/setremotehaptokeninfo_fuzzer.cpp b/test/fuzztest/access_token/setremotehaptokeninfo_fuzzer/setremotehaptokeninfo_fuzzer.cpp
index 4c2a41b19022803bfa825b98fbbf7f253c96872e..99dfe49d965e4e0acd1064ca810faec033121f75 100644
--- a/test/fuzztest/access_token/setremotehaptokeninfo_fuzzer/setremotehaptokeninfo_fuzzer.cpp
+++ b/test/fuzztest/access_token/setremotehaptokeninfo_fuzzer/setremotehaptokeninfo_fuzzer.cpp
@@ -27,10 +27,10 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool SetRemoteHapTokenInfoFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
 #ifdef TOKEN_SYNC_ENABLE
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             std::string testName(reinterpret_cast<const char*>(data), size);
@@ -62,7 +62,7 @@ namespace OHOS {
             result = AccessTokenKit::SetRemoteHapTokenInfo(testName, remoteTokenInfo);
         }
 #endif
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp b/test/fuzztest/access_token/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp
index 73aaf6003ab6dbaffb448feae16f5fa28455e783..786ac94ed1bd479374c8a36168694b16fb272a3a 100644
--- a/test/fuzztest/access_token/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp
+++ b/test/fuzztest/access_token/setremotenativetokeninfo_fuzzer/setremotenativetokeninfo_fuzzer.cpp
@@ -27,12 +27,12 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool SetRemoteNativeTokenInfoFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
 
 #ifdef TOKEN_SYNC_ENABLE
 
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             std::string testName(reinterpret_cast<const char*>(data), size);
@@ -55,7 +55,7 @@ namespace OHOS {
 
 #endif
 
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/BUILD.gn b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/BUILD.gn
new file mode 100644
index 0000000000000000000000000000000000000000..518d653a5035d6df7dc88ec927e220fc5fbaaab8
--- /dev/null
+++ b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/BUILD.gn
@@ -0,0 +1,42 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+import("//build/config/features.gni")
+import("//build/test.gni")
+
+module_output_path = "access_token/access_token"
+
+ohos_fuzztest("UnRegisterPermStateChangeCallbackFuzzTest") {
+  module_out_path = module_output_path
+  fuzz_config_file = "//base/security/access_token/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer"
+
+  include_dirs = [
+    "//commonlibrary/c_utils/base/include",
+    "//base/security/access_token/interfaces/innerkits/accesstoken/include",
+  ]
+  cflags = [
+    "-g",
+    "-O0",
+    "-Wno-unused-variable",
+    "-fno-omit-frame-pointer",
+  ]
+  sources = [ "unregisterpermstatechangecallback_fuzzer.cpp" ]
+  deps = [ "//base/security/access_token/interfaces/innerkits/accesstoken:libaccesstoken_sdk" ]
+
+  configs = [ "//base/security/access_token/config:coverage_flags" ]
+
+  external_deps = [
+    "c_utils:utils",
+    "hiviewdfx_hilog_native:libhilog",
+  ]
+}
diff --git a/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/corpus/init b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/corpus/init
new file mode 100644
index 0000000000000000000000000000000000000000..1b910144fb1ff33a40a44b1d2a491b1ab05b598b
--- /dev/null
+++ b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/corpus/init
@@ -0,0 +1,13 @@
+# Copyright (c) 2022 Huawei Device Co., Ltd.
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+FUZZ
\ No newline at end of file
diff --git a/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/project.xml b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/project.xml
new file mode 100644
index 0000000000000000000000000000000000000000..6e8ad2cfde8f8bda4beb6cabbe7efd8bc3c54eec
--- /dev/null
+++ b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/project.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<!-- Copyright (c) 2022 Huawei Device Co., Ltd.
+
+     Licensed under the Apache License, Version 2.0 (the "License");
+     you may not use this file except in compliance with the License.
+     You may obtain a copy of the License at
+
+          http://www.apache.org/licenses/LICENSE-2.0
+
+     Unless required by applicable law or agreed to in writing, software
+     distributed under the License is distributed on an "AS IS" BASIS,
+     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+     See the License for the specific language governing permissions and
+     limitations under the License.
+-->
+<fuzz_config>
+  <fuzztest>
+    <!-- maximum length of a test input -->
+    <max_len>1000</max_len>
+    <!-- maximum total time in seconds to run the fuzzer -->
+    <max_total_time>300</max_total_time>
+    <!-- memory usage limit in Mb -->
+    <rss_limit_mb>4096</rss_limit_mb>
+  </fuzztest>
+</fuzz_config>
diff --git a/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/unregisterpermstatechangecallback_fuzzer.cpp b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/unregisterpermstatechangecallback_fuzzer.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..db1e42159f7e6a71b39e143caa2f2e37d4126403
--- /dev/null
+++ b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/unregisterpermstatechangecallback_fuzzer.cpp
@@ -0,0 +1,71 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "unregisterpermstatechangecallback_fuzzer.h"
+
+#include <string>
+#include <vector>
+#include <thread>
+#undef private
+#include "accesstoken_kit.h"
+
+using namespace std;
+using namespace OHOS::Security::AccessToken;
+
+class CbCustomizeTest : public PermStateChangeCallbackCustomize {
+public:
+    explicit CbCustomizeTest(const PermStateChangeScope &scopeInfo)
+        : PermStateChangeCallbackCustomize(scopeInfo)
+    {
+    }
+
+    ~CbCustomizeTest()
+    {}
+
+    virtual void PermStateChangeCallback(PermStateChangeInfo& result)
+    {
+        ready_ = true;
+    }
+
+    bool ready_;
+};
+
+namespace OHOS {
+    bool UnRegisterPermStateChangeCallbackFuzzTest(const uint8_t* data, size_t size)
+    {
+        int32_t result = RET_FAILED;
+        if ((data == nullptr) || (size <= 0)) {
+            return result != RET_FAILED;
+        }
+        if (size > 0) {
+            PermStateChangeScope scopeInfo;
+            std::string testName(reinterpret_cast<const char*>(data), size);
+            AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
+            scopeInfo.permList = { testName };
+            scopeInfo.tokenIDs = { TOKENID };
+            auto callbackPtr = std::make_shared<CbCustomizeTest>(scopeInfo);
+            result = AccessTokenKit::UnRegisterPermStateChangeCallback(callbackPtr);
+        }
+        return result == RET_SUCCESS;
+    }
+}
+
+/* Fuzzer entry point */
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size)
+{
+    /* Run your code on data */
+    OHOS::UnRegisterPermStateChangeCallbackFuzzTest(data, size);
+    return 0;
+}
diff --git a/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/unregisterpermstatechangecallback_fuzzer.h b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/unregisterpermstatechangecallback_fuzzer.h
new file mode 100644
index 0000000000000000000000000000000000000000..683a6e9a92ed59f3571312af69c4ba868001e22d
--- /dev/null
+++ b/test/fuzztest/access_token/unregisterpermstatechangecallback_fuzzer/unregisterpermstatechangecallback_fuzzer.h
@@ -0,0 +1,28 @@
+/*
+ * Copyright (c) 2022 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#ifndef TEST_FUZZTEST_UNREGISTERPERMSTATECHANGECALLBACK_FUZZER_H
+#define TEST_FUZZTEST_UNREGISTERPERMSTATECHANGECALLBACK_FUZZER_H
+
+#define FUZZ_PROJECT_NAME "unregisterpermstatechangecallback_fuzzer"
+
+#include <climits>
+#include <cstdlib>
+#include <cstdint>
+#include <cstdio>
+#include <fcntl.h>
+#include <unistd.h>
+
+#endif // TEST_FUZZTEST_UNREGISTERPERMSTATECHANGECALLBACK_FUZZER_H
\ No newline at end of file
diff --git a/test/fuzztest/access_token/updatehaptoken_fuzzer/updatehaptoken_fuzzer.cpp b/test/fuzztest/access_token/updatehaptoken_fuzzer/updatehaptoken_fuzzer.cpp
index 030d7fe1345db33944058fa1da14b3b5b867543e..37fa5203e8eea91166a8e4b8a8d4b05dfb4fcefb 100644
--- a/test/fuzztest/access_token/updatehaptoken_fuzzer/updatehaptoken_fuzzer.cpp
+++ b/test/fuzztest/access_token/updatehaptoken_fuzzer/updatehaptoken_fuzzer.cpp
@@ -27,9 +27,9 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool UpdateHapTokenFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
@@ -60,7 +60,7 @@ namespace OHOS {
             constexpr int32_t DEFAULT_API_VERSION = 8;
             result = AccessTokenKit::UpdateHapToken(TOKENID, testName, DEFAULT_API_VERSION, TestPolicyPrams);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/verifyaccesstoken001_fuzzer/verifyaccesstoken001_fuzzer.cpp b/test/fuzztest/access_token/verifyaccesstoken001_fuzzer/verifyaccesstoken001_fuzzer.cpp
index 659df6dcbb7a08d6275b16ba33e8c7613dc7b33d..f55d3238c55fbab6a605c3b8d060aff6b065ef0a 100644
--- a/test/fuzztest/access_token/verifyaccesstoken001_fuzzer/verifyaccesstoken001_fuzzer.cpp
+++ b/test/fuzztest/access_token/verifyaccesstoken001_fuzzer/verifyaccesstoken001_fuzzer.cpp
@@ -27,16 +27,16 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool VerifyAccessToken001FuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             std::string testName(reinterpret_cast<const char*>(data), size);
             result = AccessTokenKit::VerifyAccessToken(TOKENID, TOKENID, testName);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }
 
diff --git a/test/fuzztest/access_token/verifyaccesstoken_fuzzer/verifyaccesstoken_fuzzer.cpp b/test/fuzztest/access_token/verifyaccesstoken_fuzzer/verifyaccesstoken_fuzzer.cpp
index 34ef0098adbea1f7ab6a5264b361e932a4d05b7e..da3693cf26cc90ab59d5c31caedcda63bf448e2a 100644
--- a/test/fuzztest/access_token/verifyaccesstoken_fuzzer/verifyaccesstoken_fuzzer.cpp
+++ b/test/fuzztest/access_token/verifyaccesstoken_fuzzer/verifyaccesstoken_fuzzer.cpp
@@ -27,16 +27,16 @@ using namespace OHOS::Security::AccessToken;
 namespace OHOS {
     bool VerifyAccessTokenFuzzTest(const uint8_t* data, size_t size)
     {
-        bool result = false;
+        int32_t result = RET_FAILED;
         if ((data == nullptr) || (size <= 0)) {
-            return result;
+            return result != RET_FAILED;
         }
         if (size > 0) {
             AccessTokenID TOKENID = static_cast<AccessTokenID>(size);
             std::string testName(reinterpret_cast<const char*>(data), size);
             result = AccessTokenKit::VerifyAccessToken(TOKENID, testName);
         }
-        return result;
+        return result == RET_SUCCESS;
     }
 }