diff --git a/frameworks/innerkits/file_access/include/file_ext_stub.h b/frameworks/innerkits/file_access/include/file_ext_stub.h
index 101f7c5529eae9b9d80e3eaa4711d0940969ac67..663cbcc7dbb4e54f183dee55a044b98c593ca131 100644
--- a/frameworks/innerkits/file_access/include/file_ext_stub.h
+++ b/frameworks/innerkits/file_access/include/file_ext_stub.h
@@ -40,6 +40,8 @@ private:
 ErrCode CmdListFile(MessageParcel &data, MessageParcel &reply);
 ErrCode CmdGetRoots(MessageParcel &data, MessageParcel &reply);
+ bool CheckCallingPermission(const std::string &permission);
+
 using RequestFuncType = int (FileExtStub::*)(MessageParcel &data, MessageParcel &reply);
 std::map stubFuncMap_;
 };
diff --git a/frameworks/innerkits/file_access/src/file_ext_stub.cpp b/frameworks/innerkits/file_access/src/file_ext_stub.cpp
index 5a684593c9075af4099307f11c7763fb5f539779..2abc075a4e43e2addf0e7cd5db90e63c0c4db6d7 100644
--- a/frameworks/innerkits/file_access/src/file_ext_stub.cpp
+++ b/frameworks/innerkits/file_access/src/file_ext_stub.cpp
@@ -15,7 +15,9 @@
 #include "file_ext_stub.h"
+#include "accesstoken_kit.h"
 #include "hilog_wrapper.h"
+#include "ipc_skeleton.h"
 namespace OHOS {
 namespace FileAccessFwk {
@@ -42,6 +44,12 @@ int FileExtStub::OnRemoteRequest(uint32_t code, MessageParcel& data, MessageParc
 MessageOption& option)
 {
 HILOG_INFO("%{public}s Received stub message: %{public}d", __func__, code);
+ std::string permission = "ohos.permission.FILE_ACCESS_MANAGER";
+ if (!CheckCallingPermission(permission)) {
+ HILOG_ERROR("FileExtStub::%{public}s permission error", __func__);
+ return ERR_UNKNOWN_REASON;
+ }
+
 std::u16string descriptor = FileExtStub::GetDescriptor();
 std::u16string remoteDescriptor = data.ReadInterfaceToken();
 if (descriptor != remoteDescriptor) {
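Review bot: The denial path added at the top of `OnRemoteRequest` returns `ERR_UNKNOWN_REASON`, so neither the caller nor anyone reading traces can tell a missing `ohos.permission.FILE_ACCESS_MANAGER` grant from a genuine internal failure; a dedicated permission-denied error code, if the project defines one, would be clearer. The error log records only the function name, so including the request code, e.g. `HILOG_ERROR("FileExtStub::%{public}s permission denied, code: %{public}u", __func__, code);`, would make refused calls attributable during triage. The permission name could also be a file-level constant instead of a `std::string` constructed on every request. The function body continues past the end of this hunk.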
@@ -312,5 +320,16 @@ ErrCode FileExtStub::CmdGetRoots(MessageParcel &data, MessageParcel &reply)
 HILOG_INFO("%{public}s end.", __func__);
 return NO_ERROR;
 }
+
+bool FileExtStub::CheckCallingPermission(const std::string &permission)
+{
+ Security::AccessToken::AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+ int res = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
+ if (res != Security::AccessToken::PermissionState::PERMISSION_GRANTED) {
+ HILOG_ERROR("FileExtStub::CheckCallingPermission have no fileAccess permission");
+ return false;
+ }
+ return true;
+}
 } // namespace FileAccessFwk
 } // namespace OHOS
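Review bot: `CheckCallingPermission` logs a fixed "have no fileAccess permission" message although it accepts an arbitrary `permission` argument, so the log will mislead as soon as a second permission is checked through it. Logging the name that was actually verified, e.g. `HILOG_ERROR("FileExtStub::%{public}s denied: %{public}s", __func__, permission.c_str());`, keeps the audit trail accurate. Comparing against `PERMISSION_GRANTED` and returning `false` for every other result fails closed, which is worth keeping. A short comment above the function would help, noting that `GetCallingTokenID()` is presumably only meaningful on the thread servicing the IPC request, so the check must run before any hand-off to another thread.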