diff --git a/core/modules/file/src/FileAccessControlHandler.php b/core/modules/file/src/FileAccessControlHandler.php
index 2e336af56015190075bc51b58b0d39cb2377d00b..f6f4a46945f07a5fc66a7118751c0beb2b4b4c23 100644
--- a/core/modules/file/src/FileAccessControlHandler.php
+++ b/core/modules/file/src/FileAccessControlHandler.php
@@ -22,10 +22,13 @@ class FileAccessControlHandler extends EntityAccessControlHandler {
 * {@inheritdoc}
 */
 protected function checkAccess(EntityInterface $entity, $operation, $langcode, AccountInterface $account) {
-
+ /** @var \Drupal\file\FileInterface $entity */
 if ($operation == 'download' || $operation == 'view') {
- $references = $this->getFileReferences($entity);
- if ($references) {
+ if (\Drupal::service('file_system')->uriScheme($entity->getFileUri()) === 'public') {
+ // Always allow access to file in public file system.
+ return AccessResult::allowed();
+ }
+ elseif ($references = $this->getFileReferences($entity)) {
 foreach ($references as $field_name => $entity_map) {
 foreach ($entity_map as $referencing_entity_type => $referencing_entities) {
 /** @var \Drupal\Core\Entity\EntityInterface $referencing_entity */
diff --git a/core/modules/file/src/Tests/FileManagedAccessTest.php b/core/modules/file/src/Tests/FileManagedAccessTest.php
new file mode 100644
index 0000000000000000000000000000000000000000..73c1accda93d76fcc0ea9dea74568f2d7a9c70ac
--- /dev/null
+++ b/core/modules/file/src/Tests/FileManagedAccessTest.php
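Review bot: The new `public` branch in checkAccess() returns `AccessResult::allowed()` for `view` as well as `download`, so every account, anonymous included, is granted view access to the file entity itself (its owner, filename, URI and status) wherever entity view access is honoured, not only access to bytes the web server already serves. Consider keeping the unconditional allow for `download` and gating `view` on a permission, for example `return $operation === 'download' ? AccessResult::allowed() : AccessResult::allowedIfHasPermission($account, 'access content');`. The branch also reaches the file system through `\Drupal::service('file_system')` instead of an injected service, which makes the handler harder to unit-test in isolation. checkAccess() continues past the end of the hunk, so how the remaining operations fall through is not visible here.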
@@ -0,0 +1,73 @@
+ 1,
+ 'filename' => 'drupal.txt',
+ 'uri' => 'public://drupal.txt',
+ 'filemime' => 'text/plain',
+ 'status' => FILE_STATUS_PERMANENT,
+ ));
+ file_put_contents($file->getFileUri(), 'hello world');
+
+ // Save it, inserting a new record.
+ $file->save();
+
+ // Create authenticated user to check file access.
+ $account = $this->createUser(array('access site reports'));
+
+ $this->assertTrue($file->access('view', $account), 'Public file is viewable to authenticated user');
+ $this->assertTrue($file->access('download', $account), 'Public file is downloadable to authenticated user');
+
+ // Create anonymous user to check file access.
+ $account = $this->createUser()->getAnonymousUser();
+
+ $this->assertTrue($file->access('view', $account), 'Public file is viewable to anonymous user');
+ $this->assertTrue($file->access('download', $account), 'Public file is downloadable to anonymous user');
+
+ // Create a new file entity.
+ $file = File::create(array(
+ 'uid' => 1,
+ 'filename' => 'drupal.txt',
+ 'uri' => 'private://drupal.txt',
+ 'filemime' => 'text/plain',
+ 'status' => FILE_STATUS_PERMANENT,
+ ));
+ file_put_contents($file->getFileUri(), 'hello world');
+
+ // Save it, inserting a new record.
+ $file->save();
+
+ // Create authenticated user to check file access.
+ $account = $this->createUser(array('access site reports'));
+
+ $this->assertFalse($file->access('view', $account), 'Private file is not viewable to authenticated user');
+ $this->assertFalse($file->access('download', $account), 'Private file is not downloadable to authenticated user');
+
+ // Create anonymous user to check file access.
+ $account = $this->createUser()->getAnonymousUser();
+
+ $this->assertFalse($file->access('view', $account), 'Private file is not viewable to anonymous user');
+ $this->assertFalse($file->access('download', $account), 'Private file is not downloadable to anonymous user');
+ }
+}
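Review bot: The private-file assertions only cover a file that nothing references, so the body of the `elseif ($references = ...)` branch that this commit restructures in FileAccessControlHandler is never exercised. A case where the private file is attached to an entity the account may view, and one where it may not, would pin that path. The public assertions use only `FILE_STATUS_PERMANENT`, so a temporary public file would show whether the blanket allow is meant to cover unfinished uploads too. The hunk header declares 73 added lines but fewer are visible here, so the class declaration and any private-path setup may simply be missing from this view.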