diff --git a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp
index cefdf158f489ea3ec44c124e3a3ddc0b7265700c..053b383303affb0a8dbac992f73f43d6671c1284 100644
--- a/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp
+++ b/services/tokensyncmanager/src/service/token_sync_manager_stub.cpp
@@ -54,6 +54,12 @@ int32_t TokenSyncManagerStub::OnRemoteRequest(
 
 void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
 {
+    AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+    if ((reinterpret_cast<AccessTokenIDInner *>(&tokenCaller))->type != TOKEN_NATIVE) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
     std::string deviceID = data.ReadString();
     AccessTokenID tokenID = data.ReadUint32();
 
@@ -64,6 +70,12 @@ void TokenSyncManagerStub::GetRemoteHapTokenInfoInner(MessageParcel& data, Messa
 
 void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
 {
+    AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+    if ((reinterpret_cast<AccessTokenIDInner *>(&tokenCaller))->type != TOKEN_NATIVE) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
     std::string deviceID = data.ReadString();
     AccessTokenID tokenID = data.ReadUint32();
     int result = this->DeleteRemoteHapTokenInfo(tokenID);
@@ -72,6 +84,12 @@ void TokenSyncManagerStub::DeleteRemoteHapTokenInfoInner(MessageParcel& data, Me
 
 void TokenSyncManagerStub::UpdateRemoteHapTokenInfoInner(MessageParcel& data, MessageParcel& reply)
 {
+    AccessTokenID tokenCaller = IPCSkeleton::GetCallingTokenID();
+    if ((reinterpret_cast<AccessTokenIDInner *>(&tokenCaller))->type != TOKEN_NATIVE) {
+        ACCESSTOKEN_LOG_ERROR(LABEL, "%{public}s called, permission denied", __func__);
+        reply.WriteInt32(RET_FAILED);
+        return;
+    }
     sptr<HapTokenInfoForSyncParcel> tokenInfoParcelPtr = data.ReadParcelable<HapTokenInfoForSyncParcel>();
     int result = RET_FAILED;
     if (tokenInfoParcelPtr != nullptr) {