diff --git a/frameworks/js/napi/session/include/napi_common_utils.h b/frameworks/js/napi/session/include/napi_common_utils.h index 3fbeff2b0a966568cb5c0ffe0194c9cd754bb568..07aedf4d6ddf90b186e4a67e7955d0d5258b725b 100644 --- a/frameworks/js/napi/session/include/napi_common_utils.h +++ b/frameworks/js/napi/session/include/napi_common_utils.h @@ -51,6 +51,8 @@ public: static ClientStatus IsTypeOf(napi_env env, napi_value arg, napi_valuetype type); static void NapiThrowParamError(napi_env env, std::vector> ¶mInfos); + static void NapiThrowNotSystemAppError(napi_env env); + static bool IsCallerValid(); static napi_value BuildThrowError(napi_env env, const BusinessError &businessError); static int32_t BuildBusinessError(napi_env env, napi_value &obj, const BusinessError &businessError); static int32_t ConvertToErrorCode(CallResult callResult); diff --git a/frameworks/js/napi/session/src/napi_common_utils.cpp b/frameworks/js/napi/session/src/napi_common_utils.cpp index badc5009d8b28ed21fb686f310664864ddaca796..c7a8a444818b016a392ec377877d34146a8c1510 100644 --- a/frameworks/js/napi/session/src/napi_common_utils.cpp +++ b/frameworks/js/napi/session/src/napi_common_utils.cpp @@ -15,9 +15,14 @@ #include "napi_common_utils.h" +#include "accesstoken_kit.h" +#include "access_token.h" +#include "ipc_skeleton.h" + #include "napi/native_common.h" #include "node_api.h" +#include "tokenid_kit.h" #include "update_define.h" namespace OHOS::UpdateEngine { 
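Review bot: The new declaration `static bool IsCallerValid();` in napi_common_utils.h does not say what "valid" means or where the caller identity comes from, and it takes no argument that would hint at either. Going by the definition added later in this commit, it returns true only for a HAP token whose full token ID belongs to a system app. A comment above the declaration would make that contract visible at the call sites: `// True only when the calling token is a HAP owned by a system app; every other token type is rejected.` A name such as `IsCallerSystemApp` would carry the same information if a rename is acceptable. The class body continues outside the hunk.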
@@ -213,7 +218,34 @@ void NapiCommonUtils::NapiThrowParamError( businessError.Build(errCode, errMsg); napi_value msg = BuildThrowError(env, businessError); napi_status status = napi_throw(env, msg); - PARAM_CHECK(status == napi_ok, return, "Failed to napi_throw %d", CAST_INT(status)); + PARAM_CHECK(status == napi_ok, return, "Failed to napi_throw %{public}d", CAST_INT(status)); +} + +void NapiCommonUtils::NapiThrowNotSystemAppError(napi_env env) +{ + BusinessError businessError; + CallResult errCode = CallResult::NOT_SYSTEM_APP; + std::string errMsg = "BusinessError " + std::to_string(CAST_INT(errCode)).append(": Caller not system app."); + businessError.Build(errCode, errMsg); + napi_value msg = BuildThrowError(env, businessError); + napi_status status = napi_throw(env, msg); + PARAM_CHECK(status == napi_ok, return, "Failed to napi_throw %{public}d", CAST_INT(status)); +} + +bool NapiCommonUtils::IsCallerValid() +{ + OHOS::Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + auto callerTokenType = OHOS::Security::AccessToken::AccessTokenKit::GetTokenType(callerToken); + switch (callerTokenType) { + case OHOS::Security::AccessToken::TypeATokenTypeEnum::TOKEN_HAP: { + uint64_t callerFullTokenID = IPCSkeleton::GetCallingFullTokenID(); + // hap进程只允许系统应用调用 + return OHOS::Security::AccessToken::TokenIdKit::IsSystemAppByFullTokenID(callerFullTokenID); + } + default: + // 其他情况调用予以禁止 + return false; + } } std::string NapiCommonUtils::GetParamNames(std::vector> &strVector) 
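Review bot: `IsCallerValid()` takes the caller from `IPCSkeleton::GetCallingTokenID()` and `GetCallingFullTokenID()`, but this file is the NAPI client layer, and the call sites added in this commit are JS entry points rather than IPC request handlers. Outside an IPC request those calls presumably report the current process's own token, so the check runs inside the app it is judging. That makes it useful for failing fast with the right error code, but it is not an enforcement point; the update service needs the same system-app check on its side of the IPC, which this commit does not show. Rejecting every non-HAP token type in the `default` branch is the safe choice. The two Chinese comments would read better in English for the wider code base, e.g. `// HAP callers: only system apps are allowed` and `// every other token type is rejected`.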
@@ -249,7 +281,7 @@ napi_value NapiCommonUtils::BuildThrowError(napi_env env, const BusinessError &b napi_create_string_utf8(env, businessError.message.c_str(), NAPI_AUTO_LENGTH, &message); napi_value error = nullptr; napi_status status = napi_create_error(env, nullptr, message, &error); - PARAM_CHECK(status == napi_ok, return nullptr, "Failed to create napi_create_object %d", + PARAM_CHECK(status == napi_ok, return nullptr, "Failed to create napi_create_object %{public}d", CAST_INT(status)); SetInt32(env, error, "code", ConvertToErrorCode(businessError.errorNum)); @@ -266,7 +298,7 @@ int32_t NapiCommonUtils::BuildBusinessError(napi_env env, napi_value &obj, const } napi_status status = napi_create_object(env, &obj); PARAM_CHECK(status == napi_ok, return CAST_INT(ClientStatus::CLIENT_INVALID_TYPE), - "Failed to create napi_create_object %d", CAST_INT(status)); + "Failed to create napi_create_object %{public}d", CAST_INT(status)); SetString(env, obj, "message", businessError.message); SetInt32(env, obj, "code", ConvertToErrorCode(businessError.errorNum)); @@ -337,9 +369,9 @@ ClientStatus NapiCommonUtils::CheckNapiObjectType(napi_env env, const napi_value { napi_valuetype type = napi_undefined; napi_status status = napi_typeof(env, arg, &type); - PARAM_CHECK(status == napi_ok, return ClientStatus::CLIENT_INVALID_TYPE, "Invalid argc %d", + PARAM_CHECK(status == napi_ok, return ClientStatus::CLIENT_INVALID_TYPE, "Invalid argc %{public}d", static_cast(status)); - PARAM_CHECK(type == napi_object, return ClientStatus::CLIENT_INVALID_TYPE, "Invalid argc %d", + PARAM_CHECK(type == napi_object, return ClientStatus::CLIENT_INVALID_TYPE, "Invalid argc %{public}d", static_cast(type)) return ClientStatus::CLIENT_SUCCESS; } diff --git a/frameworks/js/napi/update/BUILD.gn b/frameworks/js/napi/update/BUILD.gn index b0fbb66fb62ecc6836fa84646898671378744300..0d7b70f12358afdb05e01e73c1982082e5d10715 100644 --- a/frameworks/js/napi/update/BUILD.gn 
+++ b/frameworks/js/napi/update/BUILD.gn @@ -44,6 +44,8 @@ ohos_shared_library("$updateengine_client_library_name") { ] external_deps = [ + "access_token:libaccesstoken_sdk", + "access_token:libtokenid_sdk", "c_utils:utils", # sptr "hilog:libhilog", "ipc:ipc_core", diff --git a/frameworks/js/napi/update/common/src/iupdater.cpp b/frameworks/js/napi/update/common/src/iupdater.cpp index ac44fb0122c52db780b508fa832f89869a5d179e..44b36cb37bf2c2865db33dd567351628cdb03ddb 100644 --- a/frameworks/js/napi/update/common/src/iupdater.cpp +++ b/frameworks/js/napi/update/common/src/iupdater.cpp @@ -26,6 +26,10 @@ napi_value IUpdater::On(napi_env env, napi_callback_info info) napi_status status = napi_get_cb_info(env, info, &argc, args, nullptr, nullptr); PARAM_CHECK_NAPI_CALL(env, status == napi_ok && argc >= ARG_NUM_TWO, return nullptr, "Error get cb info"); + bool isCallerValid = NapiCommonUtils::IsCallerValid(); + PARAM_CHECK_NAPI_CALL(env, isCallerValid, NapiCommonUtils::NapiThrowNotSystemAppError(env); + return nullptr, "Caller not system app."); + EventClassifyInfo eventClassifyInfo; ClientStatus ret = ClientHelper::GetEventClassifyInfoFromArg(env, args[0], eventClassifyInfo); std::vector> paramInfos; @@ -60,6 +64,10 @@ napi_value IUpdater::Off(napi_env env, napi_callback_info info) napi_status status = napi_get_cb_info(env, info, &argc, args, nullptr, nullptr); PARAM_CHECK_NAPI_CALL(env, status == napi_ok, return nullptr, "Error get cb info"); + bool isCallerValid = NapiCommonUtils::IsCallerValid(); + PARAM_CHECK_NAPI_CALL(env, isCallerValid, NapiCommonUtils::NapiThrowNotSystemAppError(env); + return nullptr, "Caller not system app."); + EventClassifyInfo eventClassifyInfo; ClientStatus ret = ClientHelper::GetEventClassifyInfoFromArg(env, args[0], eventClassifyInfo); std::vector> paramInfos; 
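Review bot: In `IUpdater::On` the `IsCallerValid()` check sits after `napi_get_cb_info` and the `argc >= ARG_NUM_TWO` test, so a non-system caller with too few arguments returns `nullptr` from the argument check and never receives the not-system-app error. `IUpdater::Off` places the check after its argument retrieval in the same way. Making the caller check the first statement, as the getters in update_module.cpp do in this commit, keeps the authorization decision independent of what the caller passed. Only `On` and `Off` are visible here, so whether other `IUpdater` entry points need the same gate cannot be judged from these hunks. Both function bodies continue outside the hunks.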
diff --git a/frameworks/js/napi/update/src/update_module.cpp b/frameworks/js/napi/update/src/update_module.cpp index 67cbb748dd21f342156a033234b054bee4de705d..5690ba672dc40ced638ecb386ecba8c8a7f1d722 100644 --- a/frameworks/js/napi/update/src/update_module.cpp +++ b/frameworks/js/napi/update/src/update_module.cpp @@ -112,6 +112,10 @@ napi_value JsConstructorLocalUpdater(napi_env env, napi_callback_info info) napi_value GetOnlineUpdater(napi_env env, napi_callback_info info) { + bool isCallerValid = NapiCommonUtils::IsCallerValid(); + PARAM_CHECK_NAPI_CALL(env, isCallerValid, NapiCommonUtils::NapiThrowNotSystemAppError(env); + return nullptr, "Failed to GetOnlineUpdater"); + napi_value jsObject = nullptr; UpdateClient *client = CreateJsObject(env, info, g_updateClientConstructorRef, jsObject); if (client != nullptr) { @@ -125,6 +129,10 @@ napi_value GetOnlineUpdater(napi_env env, napi_callback_info info) napi_value GetRestorer(napi_env env, napi_callback_info info) { + bool isCallerValid = NapiCommonUtils::IsCallerValid(); + PARAM_CHECK_NAPI_CALL(env, isCallerValid, NapiCommonUtils::NapiThrowNotSystemAppError(env); + return nullptr, "Failed to GetRestorer"); + napi_value jsObject = nullptr; Restorer* restorer = CreateJsObject(env, info, g_restorerConstructorRef, jsObject); if (restorer == nullptr) { @@ -135,6 +143,10 @@ napi_value GetRestorer(napi_env env, napi_callback_info info) napi_value GetLocalUpdater(napi_env env, napi_callback_info info) { + bool isCallerValid = NapiCommonUtils::IsCallerValid(); + PARAM_CHECK_NAPI_CALL(env, isCallerValid, NapiCommonUtils::NapiThrowNotSystemAppError(env); + return nullptr, "Failed to GetLocalUpdater"); + napi_value jsObject = nullptr; LocalUpdater* localUpdater = CreateJsObject(env, info, g_localUpdaterConstructorRef, jsObject); if (localUpdater == nullptr) {
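Review bot: When the caller check fails, the three getters log `"Failed to GetOnlineUpdater"`, `"Failed to GetRestorer"` and `"Failed to GetLocalUpdater"`, which hides the reason for the denial. iupdater.cpp logs `"Caller not system app."` for the same condition; a message such as `"GetOnlineUpdater: caller not system app"` would keep both the site and the cause for anyone triaging denials from logs. The same three-line check now appears at five call sites, so a small helper or macro wrapping `IsCallerValid()` and `NapiThrowNotSystemAppError(env)` would keep them from drifting apart. The gate covers the getter functions only: `JsConstructorLocalUpdater` appears in a hunk header and is untouched, so it is worth confirming that the constructors cannot be reached by a path that skips these getters. Each function body continues outside its hunk.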