diff --git a/services/ans/include/access_token_helper.h b/services/ans/include/access_token_helper.h
index 11de4e9da6620989fa45ea11321fb9da7b3c5081..965ca236a41f5cfd8835f40908d8086eebb8a605 100644
--- a/services/ans/include/access_token_helper.h
+++ b/services/ans/include/access_token_helper.h
@@ -34,6 +34,7 @@ public:
     static bool VerifyCallerPermission(
         const Security::AccessToken::AccessTokenID &tokenCaller, const std::string &permission);
     static bool VerifyNativeToken(const Security::AccessToken::AccessTokenID &callerToken);
+    static bool IsSystemHap();
 };
 }  // namespace Notification
 }  // namespace OHOS
diff --git a/services/ans/src/access_token_helper.cpp b/services/ans/src/access_token_helper.cpp
index b49617be6ad571b0c72cdd76099d51e8121767e2..eb387d0e7c9225a97048f105570fe0bf7ce95474 100644
--- a/services/ans/src/access_token_helper.cpp
+++ b/services/ans/src/access_token_helper.cpp
@@ -15,20 +15,46 @@
 
 #include "access_token_helper.h"
 
+#include "ans_log_wrapper.h"
+#include "ipc_skeleton.h"
+
+using namespace OHOS::Security::AccessToken;
+
 namespace OHOS {
 namespace Notification {
 bool AccessTokenHelper::VerifyCallerPermission(
-    const Security::AccessToken::AccessTokenID &tokenCaller, const std::string &permission)
+    const AccessTokenID &tokenCaller, const std::string &permission)
+{
+    int result = AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
+    return (result == PERMISSION_GRANTED);
+}
+
+bool AccessTokenHelper::VerifyNativeToken(const AccessTokenID &callerToken)
 {
-    int result = Security::AccessToken::AccessTokenKit::VerifyAccessToken(tokenCaller, permission);
-    return (result == Security::AccessToken::PERMISSION_GRANTED);
+    ATokenTypeEnum tokenType =
+        AccessTokenKit::GetTokenTypeFlag(callerToken);
+    return tokenType == ATokenTypeEnum::TOKEN_NATIVE;
 }
 
-bool AccessTokenHelper::VerifyNativeToken(const Security::AccessToken::AccessTokenID &callerToken)
+bool AccessTokenHelper::IsSystemHap()
 {
-    Security::AccessToken::ATokenTypeEnum tokenType =
-        Security::AccessToken::AccessTokenKit::GetTokenTypeFlag(callerToken);
-    return tokenType == Security::AccessToken::ATokenTypeEnum::TOKEN_NATIVE;
+    AccessTokenID tokenId = IPCSkeleton::GetCallingTokenID();
+    ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(tokenId);
+    if (type == ATokenTypeEnum::TOKEN_NATIVE) {
+        return true;
+    }
+    if (type == ATokenTypeEnum::TOKEN_HAP) {
+        HapTokenInfo info;
+        AccessTokenKit::GetHapTokenInfo(tokenId, info);
+        if (info.apl == ATokenAplEnum::APL_SYSTEM_CORE || info.apl == ATokenAplEnum::APL_SYSTEM_BASIC) {
+            return true;
+        }
+        pid_t pid = IPCSkeleton::GetCallingPid();
+        pid_t uid = IPCSkeleton::GetCallingUid();
+        ANS_LOGW("apl not match, info.apl=%{public}d, type=%{public}d, pid=%{public}d, uid=%{public}d",
+            info.apl, type, pid, uid);
+    }
+    return false;
 }
 }  // namespace Notification
 }  // namespace OHOS
\ No newline at end of file
diff --git a/services/ans/src/advanced_notification_service.cpp b/services/ans/src/advanced_notification_service.cpp
index 3d82e40b62e42aee9417affda41ba25b7bf7a3cd..817b4052c573c97716728054ef8fd6e6321026d4 100644
--- a/services/ans/src/advanced_notification_service.cpp
+++ b/services/ans/src/advanced_notification_service.cpp
@@ -124,7 +124,7 @@ inline bool IsSystemApp()
         isSystemApp = bundleManager->IsSystemApp(callingUid);
     }
 
-    return isSystemApp;
+    return isSystemApp || AccessTokenHelper::IsSystemHap();
 }
 
 inline int64_t ResetSeconds(int64_t date)
diff --git a/services/ans/test/unittest/mock/mock_access_token_helper.cpp b/services/ans/test/unittest/mock/mock_access_token_helper.cpp
index 0f3cba40f0988a31a08c6696fa5b944a7fb47d92..d72c3f6314644bc242610f557ac6ba3f0a22da86 100644
--- a/services/ans/test/unittest/mock/mock_access_token_helper.cpp
+++ b/services/ans/test/unittest/mock/mock_access_token_helper.cpp
@@ -28,5 +28,10 @@ bool AccessTokenHelper::VerifyNativeToken(const Security::AccessToken::AccessTok
 {
     return callerToken == NATIVE_TOKEN;
 }
+
+bool IsSystemHap()
+{
+    return true;
+}
 }  // namespace Notification
 }  // namespace OHOS
\ No newline at end of file
diff --git a/services/test/moduletest/mock/mock_access_token_helper.cpp b/services/test/moduletest/mock/mock_access_token_helper.cpp
index 51c2f039e007568d3be76eafd903af52e6383d50..d881c3551b180892b26b53d1f0b53269fec11f9a 100644
--- a/services/test/moduletest/mock/mock_access_token_helper.cpp
+++ b/services/test/moduletest/mock/mock_access_token_helper.cpp
@@ -27,5 +27,10 @@ bool AccessTokenHelper::VerifyNativeToken(const Security::AccessToken::AccessTok
 {
     return true;
 }
+
+bool IsSystemHap()
+{
+    return true;
+}
 }  // namespace Notification
 }  // namespace OHOS
\ No newline at end of file