diff --git a/services/implementation/include/authentication_v2/dm_auth_state.h b/services/implementation/include/authentication_v2/dm_auth_state.h
index be7f0e228d7975fc3093bfa404eb6a4babae266c..9a908166741feb8415b8e11ceb5b1f5ebb46525c 100644
--- a/services/implementation/include/authentication_v2/dm_auth_state.h
+++ b/services/implementation/include/authentication_v2/dm_auth_state.h
@@ -475,6 +475,8 @@ private:
         JsonObject &credTypeJson);
     void GetSinkCredTypeForP2P(std::shared_ptr<DmAuthContext> context, const JsonItemObject &credObj,
         JsonObject &aclInfo, JsonObject &credTypeJson, int32_t credType, std::vector<std::string> &deleteCredInfo);
+    void FilterProfilesByContext(std::vector<DistributedDeviceProfile::AccessControlProfile> &profiles,
+        std::shared_ptr<DmAuthContext> context);
 };
 
 class AuthSinkDataSyncState : public DmAuthState {
diff --git a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
index 0cc567754fa82068ee5da35debca5066b44cbffe..3da6b139d17c620b655466851c424e2d5c7f7bfa 100644
--- a/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
+++ b/services/implementation/src/authentication_v2/auth_stages/auth_negotiate.cpp
@@ -281,12 +281,36 @@ void AuthSinkNegotiateStateMachine::GetSinkCredTypeForP2P(std::shared_ptr<DmAuth
     }
 }
 
+void AuthSinkNegotiateStateMachine::FilterProfilesByContext(
+    std::vector<DistributedDeviceProfile::AccessControlProfile> &profiles, std::shared_ptr<DmAuthContext> context)
+{
+    CHECK_NULL_VOID(context);
+    std::vector<DistributedDeviceProfile::AccessControlProfile> aclProfilesVec;
+    for (const auto &item : profiles) {
+        std::string accesserDeviceIdHash = Crypto::GetUdidHash(item.GetAccesser().GetAccesserDeviceId());
+        std::string accesseeDeviceIdHash = Crypto::GetUdidHash(item.GetAccessee().GetAccesseeDeviceId());
+        if ((context->accesser.deviceIdHash == accesserDeviceIdHash &&
+            context->accessee.deviceIdHash == accesseeDeviceIdHash &&
+            context->accesser.userId == item.GetAccesser().GetAccesserUserId() &&
+            context->accessee.userId == item.GetAccessee().GetAccesseeUserId()) ||
+            (context->accessee.deviceIdHash == accesserDeviceIdHash &&
+            context->accesser.deviceIdHash == accesseeDeviceIdHash &&
+            context->accessee.userId == item.GetAccesser().GetAccesserUserId() &&
+            context->accesser.userId == item.GetAccessee().GetAccesseeUserId())) {
+            aclProfilesVec.push_back(item);
+        }
+    }
+    profiles.clear();
+    profiles.assign(aclProfilesVec.begin(), aclProfilesVec.end());
+}
+
 void AuthSinkNegotiateStateMachine::GetSinkAclInfo(std::shared_ptr<DmAuthContext> context,
     JsonObject &credInfo, JsonObject &aclInfo)
 {
     CHECK_NULL_VOID(context);
     std::vector<DistributedDeviceProfile::AccessControlProfile> profiles =
         DeviceProfileConnector::GetInstance().GetAllAclIncludeLnnAcl();
+    FilterProfilesByContext(profiles, context);
     uint32_t bindLevel = DM_INVALIED_TYPE;
     for (const auto &item : profiles) {
         std::string trustDeviceId = item.GetTrustDeviceId();