diff --git a/frameworks/core/common/include/ans_inner_errors.h b/frameworks/core/common/include/ans_inner_errors.h
index c4f88bcc48af29f58a0af7889c9bbf4c78148965..3fd34d197cc2ef4c8d0d9d71e48a6d9f9b094c5f 100644
--- a/frameworks/core/common/include/ans_inner_errors.h
+++ b/frameworks/core/common/include/ans_inner_errors.h
@@ -76,6 +76,7 @@ enum ErrorCode : uint32_t {
 ERR_ANS_GET_ACTIVE_USER_FAILED,
 ERR_ANS_SUBSCRIBER_IS_DELETING,
 ERR_ANS_PREFERENCES_NOTIFICATION_SLOT_ENABLED,
+ ERR_ANS_DLP_HAP,
 };
 } // namespace Notification
 } // namespace OHOS
diff --git a/services/ans/include/access_token_helper.h b/services/ans/include/access_token_helper.h
index 965ca236a41f5cfd8835f40908d8086eebb8a605..1f6dbebe3bae616666b3ba667cc729e4d73b388b 100644
--- a/services/ans/include/access_token_helper.h
+++ b/services/ans/include/access_token_helper.h
@@ -35,6 +35,7 @@ public:
 const Security::AccessToken::AccessTokenID &tokenCaller, const std::string &permission);
 static bool VerifyNativeToken(const Security::AccessToken::AccessTokenID &callerToken);
 static bool IsSystemHap();
+ static bool IsDlpHap(const Security::AccessToken::AccessTokenID &callerToken);
 };
 } // namespace Notification
 } // namespace OHOS
diff --git a/services/ans/src/access_token_helper.cpp b/services/ans/src/access_token_helper.cpp
index f11006b65635e3f9548dccff2265827de7ce99c7..881c810d9da8d501e79f6ddf07a765d44cf3a9ff 100644
--- a/services/ans/src/access_token_helper.cpp
+++ b/services/ans/src/access_token_helper.cpp
@@ -55,5 +55,18 @@ bool AccessTokenHelper::IsSystemHap()
 }
 return false;
 }
+
+bool AccessTokenHelper::IsDlpHap(const AccessTokenID &callerToken)
+{
+ ATokenTypeEnum type = AccessTokenKit::GetTokenTypeFlag(callerToken);
+ if (type == ATokenTypeEnum::TOKEN_HAP) {
+ HapTokenInfo info;
+ AccessTokenKit::GetHapTokenInfo(callerToken, info);
+ if (info.dlpType == DlpType::DLP_READ || info.dlpType == DlpType::DLP_FULL_CONTROL) {
+ return true;
+ }
+ }
+ return false;
+}
 } // namespace Notification
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/ans/src/advanced_notification_service.cpp b/services/ans/src/advanced_notification_service.cpp
index 40060eaaf43fa7be6fc2a3b2976c3fb7439060b6..1d39e77fa8c7812c11c21aff286ae77d96f44c84 100644
--- a/services/ans/src/advanced_notification_service.cpp
+++ b/services/ans/src/advanced_notification_service.cpp
@@ -509,6 +509,13 @@ ErrCode AdvancedNotificationService::Publish(const std::string &label, const spt break; } + Security::AccessToken::AccessTokenID callerToken = IPCSkeleton::GetCallingTokenID(); + if (AccessTokenHelper::IsDlpHap(callerToken)) { + result = ERR_ANS_DLP_HAP; + ANS_LOGE("DLP hap not allowed to send notifications"); + break; + } + + sptr bundleOption; result = PrepareNotificationInfo(request, bundleOption); if (result != ERR_OK) {
diff --git a/services/ans/test/unittest/advanced_notification_service_test.cpp b/services/ans/test/unittest/advanced_notification_service_test.cpp
index b724d6573a4f899a777c7e823263688a88d589a3..638b7aba64bb1590739f792324fddda5bb70b1e3 100644
--- a/services/ans/test/unittest/advanced_notification_service_test.cpp
+++ b/services/ans/test/unittest/advanced_notification_service_test.cpp
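Review bot: The result of `AccessTokenKit::GetHapTokenInfo(callerToken, info)` in IsDlpHap is discarded, so when the lookup fails `info.dlpType` is read from a `HapTokenInfo` that was never filled in. Whether that struct default-initialises `dlpType` is not visible here, so the read may be of an indeterminate value, and in the likely case the function returns false and the caller passes the DLP gate. For a data-leak control that is a fail-open path; check the return and decide explicitly, e.g. `if (AccessTokenKit::GetHapTokenInfo(callerToken, info) != 0) { return true; }` (0 assumed to be the kit's success code, confirm against its header). Returning true refuses the publish on a failed lookup, which is the conservative choice but will also reject a non-DLP HAP in that case, so the author should pick the behaviour deliberately.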
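Review bot: The DLP gate added to Publish has no comment saying why a DLP sandbox HAP is refused, and the `ANS_LOGE` denial message does not identify the caller. I would add `// DLP sandbox HAPs must not publish: notification content is visible outside the sandbox` above the check (rationale presumed, confirm with the author) and include the calling token id or uid in the log message so refused attempts can be traced. The gate sits only in Publish; whether other entry points of this service that post notifications on a caller's behalf reach the same check is not visible in the hunk and is worth confirming. Publish starts and ends outside the hunk.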
@@ -1766,5 +1766,32 @@ HWTEST_F(AdvancedNotificationServiceTest, AdvancedNotificationServiceTest_12300,
 req->SetCreatorUid(1);
 EXPECT_EQ(advancedNotificationService_->Publish(label, req), 0);
 }
+
+/*
+ * @tc.name: AdvancedNotificationServiceTest_12400
+ * @tc.desc: DLP App publish notification failed.
+ * @tc.type: FUNC
+ */
+HWTEST_F(AdvancedNotificationServiceTest, AdvancedNotificationServiceTest_12400, Function | SmallTest | Level1)
+{
+ IPCSkeleton::SetCallingTokenID(DLP_NATIVE_TOKEN);
+ sptr req = new (std::nothrow) NotificationRequest(1);
+ EXPECT_NE(req, nullptr);
+ req->SetSlotType(NotificationConstant::SlotType::OTHER);
+ req->SetLabel("req's label");
+ std::string label = "publish's label";
+ std::shared_ptr normalContent = std::make_shared();
+ EXPECT_NE(normalContent, nullptr);
+ normalContent->SetText("normalContent's text");
+ normalContent->SetTitle("normalContent's title");
+ std::shared_ptr content = std::make_shared(normalContent);
+ EXPECT_NE(content, nullptr);
+ req->SetContent(content);
+ EXPECT_EQ(advancedNotificationService_->Publish(label, req), ERR_ANS_DLP_HAP);
+ SleepForFC();
+
+ IPCSkeleton::SetCallingTokenID(NATIVE_TOKEN);
+ EXPECT_EQ(advancedNotificationService_->Publish(label, req), ERR_OK);
+}
 } // namespace Notification
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/ans/test/unittest/ans_ut_constant.h b/services/ans/test/unittest/ans_ut_constant.h
index 55f5f9d7c7e76cfc364fd07d617243d62a2c967e..2e8a9b906e41865a65c23cf3691128f5326aaa8f 100644
--- a/services/ans/test/unittest/ans_ut_constant.h
+++ b/services/ans/test/unittest/ans_ut_constant.h
@@ -22,6 +22,7 @@ namespace OHOS {
 namespace Notification {
 constexpr uint32_t NATIVE_TOKEN = 0;
 constexpr uint32_t NON_NATIVE_TOKEN = 1;
+constexpr uint32_t DLP_NATIVE_TOKEN = 2;
 constexpr int32_t SYSTEM_APP_UID = 100;
 constexpr int32_t NON_SYSTEM_APP_UID = 1000;
 constexpr int32_t NON_BUNDLE_NAME_UID = 2000;
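Review bot: In AdvancedNotificationServiceTest_12400 `req` is dereferenced right after `EXPECT_NE(req, nullptr)`, which records a failure but keeps running, so a failed `new (std::nothrow)` turns into a null dereference instead of a clean test failure; use `ASSERT_NE(req, nullptr);` there. The test also switches the process-wide calling token to `DLP_NATIVE_TOKEN` and restores it only through the later `SetCallingTokenID(NATIVE_TOKEN)` line. Once fatal assertions are used, that restore should live somewhere that always runs, such as the fixture's TearDown if it does not already reset the token (the fixture is not visible in this hunk).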
diff --git a/services/ans/test/unittest/mock/mock_access_token_helper.cpp b/services/ans/test/unittest/mock/mock_access_token_helper.cpp
index 903342e7ad5e74136f7057ba41d901355c770bf8..bd46ec578ae3229157f319cde475fe7476de18d1 100644
--- a/services/ans/test/unittest/mock/mock_access_token_helper.cpp
+++ b/services/ans/test/unittest/mock/mock_access_token_helper.cpp
@@ -38,5 +38,10 @@ bool AccessTokenHelper::IsSystemHap()
 }
 return false;
 }
+
+bool AccessTokenHelper::IsDlpHap(const Security::AccessToken::AccessTokenID &callerToken)
+{
+ return callerToken == DLP_NATIVE_TOKEN;
+}
 } // namespace Notification
 } // namespace OHOS
\ No newline at end of file
diff --git a/services/test/moduletest/mock/mock_access_token_helper.cpp b/services/test/moduletest/mock/mock_access_token_helper.cpp
index 3cbeab21c15f6524ee4a85f1b37138b91257a40a..99162858ed3052a2e78c4c977938f021e9b62b57 100644
--- a/services/test/moduletest/mock/mock_access_token_helper.cpp
+++ b/services/test/moduletest/mock/mock_access_token_helper.cpp
@@ -32,5 +32,10 @@ bool AccessTokenHelper::IsSystemHap()
 {
 return true;
 }
+
+bool AccessTokenHelper::IsDlpHap(const Security::AccessToken::AccessTokenID &callerToken)
+{
+ return false;
+}
 } // namespace Notification
 } // namespace OHOS
\ No newline at end of file
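Review bot: The unittest mock of `IsDlpHap` answers from `callerToken == DLP_NATIVE_TOKEN` alone, so the new unit test covers only the gate in Publish and never the real token-type and `dlpType` logic in access_token_helper.cpp. A separate test against the real helper (a HAP token with each DlpType value, a non-HAP token, and a failed token-info lookup) would close that gap. The constant name is also misleading, since value 2 stands for a DLP HAP token here rather than a native one; a name such as `DLP_HAP_TOKEN` would read better. The moduletest mock in the following hunk always returns false and leaves `callerToken` unused, which may warn under unused-parameter flags.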