Recently, access control for XML database is one of the key issues in database security. Given an access control policy and a query expression, static analysis determines whether the query does not access any elements nor attributes that are prohibited by the policy. In a related work, policies and queries were modeled as regular sets of paths in trees. However, some policies cannot be represented by the model accurately. In this paper, we propose a static analysis method based on tree automata theory. Both a policy and a query are modeled as tree automata, and a policy is provided with two alternative semantics; AND-semantics and OR-semantics. We investigate the computational complexity of the static analysis problem. We show that our query model is sufficiently general by showing that the expressive power of our model is strictly greater than Neven's query automata. We also discuss a consistency problem of policies in schema transformation of XML databases and show that the problem is decidable.