diff --git a/file_entity.module b/file_entity.module
index 8e61465..64c892f 100644
--- a/file_entity.module
+++ b/file_entity.module
@@ -318,13 +318,16 @@ function file_entity_permission() {
       'title' => t('View file details'),
       'description' => t('For viewing file details, not for downloading files.'),
     ),
-    'delete own files' => array(
-      'title' => t('Delete own files'),
-    ),
     'view own private files' => array(
       'title' => t('View own private file details'),
       'description' => t('For viewing file details, not for downloading files.'),
     ),
+    'download own files' => array(
+      'title' => t('Download own files'),
+    ),
+    'download any files' => array(
+      'title' => t('Download any files'),
+    ),
     'create files' => array(
       'title' => t('Add and upload files'),
     ),
@@ -334,6 +337,9 @@ function file_entity_permission() {
     'edit any files' => array(
       'title' => t('Edit any files'),
     ),
+    'delete own files' => array(
+      'title' => t('Delete own files'),
+    ),
     'delete any files' => array(
       'title' => t('Delete any files'),
     ),
@@ -977,8 +983,6 @@ function file_entity_stream_wrappers_alter(&$wrappers) {
  *
  * Stream wrappers that are considered private should implement a 'private'
  * flag equal to TRUE in hook_stream_wrappers().
- *
- * @todo Unify core's hook_file_download() as a 'download' op of file_access().
  */
 
 /**
@@ -990,6 +994,7 @@ function file_entity_stream_wrappers_alter(&$wrappers) {
  *   - "update"
  *   - "delete"
  *   - "create"
+ *   - "download"
  * @param $file
  *   The file object on which the operation is to be performed, or file type
  *   (e.g. 'image') for "create" operation.
@@ -1003,7 +1008,7 @@ function file_entity_stream_wrappers_alter(&$wrappers) {
 function file_access($op, $file = NULL, $account = NULL) {
   $rights = &drupal_static(__FUNCTION__, array());
 
-  if (!$file && !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
+  if (!$file && !in_array($op, array('view', 'update', 'delete', 'create', 'download'), TRUE)) {
     // If there was no file to check against, or the $op was not one of the
     // supported ones, we return access denied.
     return FALSE;
@@ -1095,6 +1100,12 @@ function file_entity_file_access($op, $file, $account) {
     }
   }
 
+  if ($op == 'download') {
+    if (user_access('download any files', $account) || (user_access('download own files', $account) && ($account->uid == $file->uid))) {
+      return FILE_ACCESS_ALLOW;
+    }
+  }
+
   return FILE_ACCESS_IGNORE;
 }