diff --git a/hisysevent.yaml b/hisysevent.yaml
index 5c8b69527b137fd17b19e0ffac59c24c29e02fdd..0ecb9ecbf9ee898c1241614b8d6c30851fd9a1c8 100644
--- a/hisysevent.yaml
+++ b/hisysevent.yaml
@@ -18,6 +18,11 @@ VIBRATOR_PERMISSIONS_EXCEPTION:
   PKG_NAME: {type: STRING, desc: package name}
   ERROR_CODE: {type: INT32, desc: error code}
 
+LIGHT_PERMISSIONS_EXCEPTION:
+  __BASE: {type: SECURITY, level: MINOR, desc: sensor verify access token fail}
+  PKG_NAME: {type: STRING, desc: package name}
+  ERROR_CODE: {type: INT32, desc: error code}
+
 MISC_SERVICE_IPC_EXCEPTION:
   __BASE: {type: FAULT, level: MINOR, desc: sensor service ipc exception}
   PKG_NAME: {type: STRING, desc: package name}
diff --git a/services/miscdevice_service/BUILD.gn b/services/miscdevice_service/BUILD.gn
index 47341c5edf93098d81b880a772c0bda9769e1c37..7dba3c9d8dfac03a5305d7d48a4d2a03565e015f 100644
--- a/services/miscdevice_service/BUILD.gn
+++ b/services/miscdevice_service/BUILD.gn
@@ -57,6 +57,7 @@ ohos_shared_library("libmiscdevice_service") {
 
   external_deps = [
     "access_token:libaccesstoken_sdk",
+    "access_token:libprivacy_sdk",
     "c_utils:utils",
     "drivers_interface_vibrator:libvibrator_proxy_1.2",
     "hilog:libhilog",
diff --git a/services/miscdevice_service/src/miscdevice_service_stub.cpp b/services/miscdevice_service/src/miscdevice_service_stub.cpp
index 6b9e648fe361c889e19904ceb8be7185b88ffdfe..749dd280d94de6531f3bbd26a560b0dd567d620a 100644
--- a/services/miscdevice_service/src/miscdevice_service_stub.cpp
+++ b/services/miscdevice_service/src/miscdevice_service_stub.cpp
@@ -33,6 +33,7 @@ using namespace OHOS::HiviewDFX;
 namespace {
 constexpr HiLogLabel LABEL = { LOG_CORE, MISC_LOG_DOMAIN, "MiscdeviceServiceStub" };
 const std::string VIBRATE_PERMISSION = "ohos.permission.VIBRATE";
+const std::string LIGHT_PERMISSION = "ohos.permission.SYSTEM_LIGHT_CONTROL";
 }  // namespace
 
 MiscdeviceServiceStub::MiscdeviceServiceStub()
@@ -232,6 +233,14 @@ int32_t MiscdeviceServiceStub::GetLightListStub(MessageParcel &data, MessageParc
 
 int32_t MiscdeviceServiceStub::TurnOnStub(MessageParcel &data, MessageParcel &reply)
 {
+    PermissionUtil &permissionUtil = PermissionUtil::GetInstance();
+    int32_t ret = permissionUtil.CheckVibratePermission(this->GetCallingTokenID(), LIGHT_PERMISSION);
+    if (ret != PERMISSION_GRANTED) {
+        HiSysEventWrite(HiSysEvent::Domain::MISCDEVICE, "LIGHT_PERMISSIONS_EXCEPTION",
+            HiSysEvent::EventType::SECURITY, "PKG_NAME", "turnOnStub", "ERROR_CODE", ret);
+        MISC_HILOGE("CheckLightPermission failed, ret:%{public}d", ret);
+        return PERMISSION_DENIED;
+    }
     int32_t lightId = data.ReadInt32();
     LightColor lightColor;
     lightColor.singleColor = data.ReadInt32();
@@ -243,6 +252,14 @@ int32_t MiscdeviceServiceStub::TurnOnStub(MessageParcel &data, MessageParcel &re
 
 int32_t MiscdeviceServiceStub::TurnOffStub(MessageParcel &data, MessageParcel &reply)
 {
+    PermissionUtil &permissionUtil = PermissionUtil::GetInstance();
+    int32_t ret = permissionUtil.CheckVibratePermission(this->GetCallingTokenID(), LIGHT_PERMISSION);
+    if (ret != PERMISSION_GRANTED) {
+        HiSysEventWrite(HiSysEvent::Domain::MISCDEVICE, "LIGHT_PERMISSIONS_EXCEPTION",
+            HiSysEvent::EventType::SECURITY, "PKG_NAME", "TurnOffStub", "ERROR_CODE", ret);
+        MISC_HILOGE("CheckLightPermission failed, ret:%{public}d", ret);
+        return PERMISSION_DENIED;
+    }
     int32_t lightId = data.ReadInt32();
     return TurnOff(lightId);
 }
diff --git a/test/unittest/light/BUILD.gn b/test/unittest/light/BUILD.gn
index c86a3287bb32b1d3e4f8e769419882b21237f244..14eb7a9c17d785c719f72275a43863a5223990ae 100644
--- a/test/unittest/light/BUILD.gn
+++ b/test/unittest/light/BUILD.gn
@@ -31,8 +31,13 @@ ohos_unittest("LightAgentTest") {
     "//third_party/googletest:gtest_main",
   ]
   external_deps = [
+    "access_token:libaccesstoken_sdk",
+    "access_token:libnativetoken",
+    "access_token:libprivacy_sdk",
+    "access_token:libtoken_setproc",
     "c_utils:utils",
     "hilog:libhilog",
+    "ipc:ipc_core",
   ]
 }
 
diff --git a/test/unittest/light/light_agent_test.cpp b/test/unittest/light/light_agent_test.cpp
index 5d0fd3a9df90593b743788748c95c85cb5ae2b22..145b3d20a6e752153ebccc92cb3185ca5149bef4 100644
--- a/test/unittest/light/light_agent_test.cpp
+++ b/test/unittest/light/light_agent_test.cpp
@@ -16,6 +16,9 @@
 #include <gtest/gtest.h>
 #include <thread>
 
+#include "accesstoken_kit.h"
+#include "nativetoken_kit.h"
+#include "token_setproc.h"
 #include "light_agent.h"
 #include "sensors_errors.h"
 
@@ -23,25 +26,79 @@ namespace OHOS {
 namespace Sensors {
 using namespace testing::ext;
 using namespace OHOS::HiviewDFX;
+using namespace Security::AccessToken;
+using Security::AccessToken::AccessTokenID;
 
 namespace {
 constexpr int32_t TIME_WAIT_FOR_OP = 2;
 constexpr HiLogLabel LABEL = { LOG_CORE, MISC_LOG_DOMAIN, "LightAgentTest" };
+PermissionDef g_infoManagerTestPermDef = {
+    .permissionName = "ohos.permission.SYSTEM_LIGHT_CONTROL",
+    .bundleName = "accesstoken_test",
+    .grantMode = 1,
+    .label = "label",
+    .labelId = 1,
+    .description = "test light agent",
+    .descriptionId = 1,
+    .availableLevel = APL_NORMAL
+};
+
+PermissionStateFull g_infoManagerTestState = {
+    .grantFlags = {1},
+    .grantStatus = {PermissionState::PERMISSION_GRANTED},
+    .isGeneral = true,
+    .permissionName = "ohos.permission.SYSTEM_LIGHT_CONTROL",
+    .resDeviceID = {"local"}
+};
+
+HapPolicyParams g_infoManagerTestPolicyPrams = {
+    .apl = APL_NORMAL,
+    .domain = "test.domain",
+    .permList = {g_infoManagerTestPermDef},
+    .permStateList = {g_infoManagerTestState}
+};
+
+HapInfoParams g_infoManagerTestInfoParms = {
+    .bundleName = "lightagent_test",
+    .userID = 1,
+    .instIndex = 0,
+    .appIDDesc = "LightAgentTest"
+};
 }  // namespace
 
 class LightAgentTest : public testing::Test {
 public:
-    static void SetUpTestCase() {}
-    static void TearDownTestCase() {}
+    static void SetUpTestCase();
+    static void TearDownTestCase();
     void SetUp() {}
     void TearDown() {}
+private:
+    static AccessTokenID tokenID_;
 };
 
+AccessTokenID LightAgentTest::tokenID_ = 0;
+
 LightInfo *g_lightInfo = nullptr;
 int32_t g_lightId = -1;
 int32_t g_invalidLightId = -1;
 int32_t g_lightType = -1;
 
+void LightAgentTest::SetUpTestCase()
+{
+    AccessTokenIDEx tokenIdEx = {0};
+    tokenIdEx = AccessTokenKit::AllocHapToken(g_infoManagerTestInfoParms, g_infoManagerTestPolicyPrams);
+    tokenID_ = tokenIdEx.tokenIdExStruct.tokenID;
+    ASSERT_NE(0, tokenID_);
+    ASSERT_EQ(0, SetSelfTokenID(tokenID_));
+}
+
+void LightAgentTest::TearDownTestCase()
+{
+    int32_t ret = AccessTokenKit::DeleteToken(tokenID_);
+    if (tokenID_ != 0) {
+        ASSERT_EQ(RET_SUCCESS, ret);
+    }
+}
 /**
  * @tc.name: StartLightTest_001
  * @tc.desc: Verify GetLightList