diff --git a/BUILD.gn b/BUILD.gn
index c59f4a439f22f65282c806741612f77e5e171f44..7037440218b7bdfce91d991292cf858a0b61945b 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -36,6 +36,8 @@ config("appspawn_config") {
 "//base/security/access_token/interfaces/innerkits/token_setproc/include",
 "//base/startup/init_lite/services/log",
 "//base/startup/init_lite/interfaces/innerkits/include",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox/include",
+ "//base/startup/init_lite/services/include",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include",
 ]
@@ -72,6 +74,7 @@ ohos_static_library("appspawn_server") {
 "${aafwk_path}/frameworks/kits/ability/native:abilitykit_native",
 "${aafwk_path}/frameworks/kits/appkit:appkit_native",
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/init_lite/services/log:init_log",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
 "//utils/native/base:utils",
@@ -148,6 +151,7 @@ ohos_static_library("nwebspawn_server") {
 "${aafwk_path}/frameworks/kits/ability/native:abilitykit_native",
 "${aafwk_path}/frameworks/kits/appkit:appkit_native",
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/init_lite/interfaces/innerkits/socket:libsocket_static",
 "//base/startup/init_lite/services/log:init_log",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp
index d8a0cfb7c74231816cbff56cdc51cfa7d34dd207..efd99ef0bb855a7f73cf5dffaf4773d4ca0dbecc 100755
--- a/src/appspawn_server.cpp
+++ b/src/appspawn_server.cpp
@@ -37,6 +37,8 @@
 #include "bundle_mgr_interface.h"
 #include "if_system_ability_manager.h"
 #include "iservice_registry.h"
+#include "sandbox.h"
+#include "sandbox_namespace.h"
 #include "system_ability_definition.h"
 #include "token_setproc.h"
 #include "parameter.h"
@@ -81,6 +83,28 @@ static constexpr HiLogLabel LABEL = {LOG_CORE, 0, "AppSpawnServer"};
 extern "C" {
 #endif
+static void RegisterSandbox(const char *sandbox)
+{
+ if (sandbox == NULL) {
+ HiLog::Error(LABEL, "AppSpawnServer::invalid parameters");
+ return;
+ }
+ InitDefaultNamespace();
+ if (!InitSandboxWithName(sandbox)) {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to init sandbox with name %s", sandbox);
+ }
+
+ DumpSandboxByName(sandbox);
+ if (PrepareSandbox(sandbox) != 0) {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to prepare sandbox %s", sandbox);
+ DestroySandbox(sandbox);
+ }
+ if (EnterDefaultNamespace() < 0) {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to set default namespace");
+ }
+ CloseDefaultNamespace();
+}
+
 static void SignalHandler([[maybe_unused]] int sig)
 {
 pid_t pid;
@@ -326,6 +350,13 @@ int AppSpawnServer::StartApp(char *longProcName, int64_t longProcNameLen,
 close(fd[1]);
 return -errno;
 } else if (pid == 0) {
+ if (strcmp("system_basic", appProperty->apl) == 0) {
+ EnterSandbox("priv-app");
+ } else if (strcmp("normal", appProperty->apl) == 0) {
+ EnterSandbox("app");
+ } else {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to match appspawn sandbox");
+ }
 SpecialHandle(appProperty);
 // close socket connection and peer socket in child process
 if (socket_ != NULL) {
@@ -359,6 +390,8 @@ bool AppSpawnServer::ServerMain(char *longProcName, int64_t longProcNameLen)
 return false;
 }
 std::thread(&AppSpawnServer::ConnectionPeer, this).detach();
+ RegisterSandbox("priv-app");
+ RegisterSandbox("app");
 LoadAceLib();
 std::thread(&AppSpawnServer::WaitRebootEvent, this).detach();
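Review bot: RegisterSandbox keeps going after `InitSandboxWithName(sandbox)` fails: it only logs, then still calls `DumpSandboxByName` and `PrepareSandbox` on a sandbox that was never initialised. Because the function returns `void`, the two call sites in ServerMain cannot tell that setup failed or that `DestroySandbox` already ran, yet StartApp later calls `EnterSandbox` on the same names. I would return a `bool` and skip the dump/prepare step when init fails. `EnterDefaultNamespace()` and `CloseDefaultNamespace()` should still run on every path after `InitDefaultNamespace()`, so the server is never left in the sandbox namespace. As this is a C++ file, `nullptr` is the better spelling in the guard.

```cpp
static bool RegisterSandbox(const char *sandbox)
{
    // … unchanged: null check (now `return false;`) and InitDefaultNamespace() …
    bool ready = InitSandboxWithName(sandbox);
    if (!ready) {
        // … unchanged: "Failed to init sandbox with name" log …
    } else {
        DumpSandboxByName(sandbox);
        if (PrepareSandbox(sandbox) != 0) {
            // … unchanged: "Failed to prepare sandbox" log and DestroySandbox(sandbox) …
            ready = false;
        }
    }
    if (EnterDefaultNamespace() < 0) {
        // … unchanged: "Failed to set default namespace" log …
        ready = false;
    }
    CloseDefaultNamespace();
    return ready;
}
```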
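Review bot: In StartApp the child fails open: when `appProperty->apl` is neither "system_basic" nor "normal", the `else` branch only logs and execution continues into `SpecialHandle(appProperty)` with no sandbox entered. The result of `EnterSandbox(...)` is also discarded in both matching branches, so a failed entry looks the same as success. For an isolation boundary the child should stop in the `else` branch and whenever EnterSandbox reports failure, for example `_exit(<error code>);` after the log. EnterSandbox's declaration is not visible here, so check how it signals errors. If other apl values are meant to run outside these two sandboxes, that needs an explicit comment rather than an error log. The same log-and-continue `else` is in the SetAppSandboxProperty hunk; StartApp's body starts and ends outside this hunk.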
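Review bot: Both `RegisterSandbox` calls in ServerMain run after `std::thread(&AppSpawnServer::ConnectionPeer, this).detach();`, so the namespace switching done through `InitDefaultNamespace`/`EnterDefaultNamespace` happens in a process that is already multi-threaded. If those helpers rely on `setns`/`unshare` for the mount namespace (not visible here), this is fragile: the kernel refuses `setns` into a mount namespace while the caller shares filesystem attributes with other threads, and `unshare` only affects the calling thread. Moving the two calls above the ConnectionPeer thread start would avoid that, and would guarantee the sandboxes exist before any peer is accepted. The results are ignored here as well; once RegisterSandbox reports failure, ServerMain should `return false;` rather than serve spawn requests without a prepared sandbox. ServerMain continues outside the hunk.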
@@ -806,6 +839,13 @@ int32_t AppSpawnServer::SetAppSandboxProperty(const ClientSocket::AppProperty *a
 // create /mnt/sandbox/ path, later put it to rootfs module
 std::string sandboxPackagePath = "/mnt/sandbox/";
+ if (strcmp("normal", appProperty->apl) == 0) {
+ sandboxPackagePath += "app/";
+ } else if (strcmp("system_basic", appProperty->apl) == 0) {
+ sandboxPackagePath += "priv-app/";
+ } else {
+ HiLog::Error(LABEL, "Failed to match appspawn sandbox");
+ }
 mkdir(sandboxPackagePath.c_str(), FILE_MODE);
 sandboxPackagePath += appProperty->bundleName;
 mkdir(sandboxPackagePath.c_str(), FILE_MODE);
diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn
index 83a07f4e460c9845231b0c329dfc9569dea90fb6..4228b485e18199d4f3a7b9035ac0a092ed992dce 100644
--- a/test/unittest/app_spawn_server_test/BUILD.gn
+++ b/test/unittest/app_spawn_server_test/BUILD.gn
@@ -19,8 +19,10 @@ ohos_unittest("AppSpawnServerOverrideTest") {
 include_dirs = [
 "//base/security/access_token/interfaces/innerkits/token_setproc/include",
+ "//base/startup/init_lite/services/include",
 "//base/startup/init_lite/services/log",
 "//base/startup/init_lite/interfaces/innerkits/include",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox/include",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include",
 ]
@@ -40,6 +42,7 @@ ohos_unittest("AppSpawnServerOverrideTest") {
 "${appspawn_path}/test:appspawn_test_source",
 "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/init_lite/services/log:init_log",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
 ]
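Review bot: The apl-to-sandbox mapping in SetAppSandboxProperty is a second hand-written copy of the one in StartApp, with the branches in the opposite order and a log message that drops the `AppSpawnServer::` prefix used by the other new messages. The directory chosen here (`app/`, `priv-app/`) must stay identical to the name passed to `EnterSandbox`, otherwise the package directory is created outside the sandbox the child actually entered. One file-local helper that maps `appProperty->apl` to the sandbox name and returns `nullptr` for an unknown level, used by both call sites, would keep them in step and give a single place to reject unknown levels. The `mkdir` on the next context line now creates the new `app/` or `priv-app/` component and its result is not checked, so a failure there goes unnoticed. SetAppSandboxProperty starts and ends outside the hunk.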
@@ -66,8 +69,10 @@ ohos_unittest("AppSpawnServerMockTest") {
 include_dirs = [
 "//base/security/access_token/interfaces/innerkits/token_setproc/include",
+ "//base/startup/init_lite/services/include",
 "//base/startup/init_lite/services/log",
 "//base/startup/init_lite/interfaces/innerkits/include",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox/include",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include",
 ]
@@ -87,6 +92,7 @@ ohos_unittest("AppSpawnServerMockTest") {
 "${appspawn_path}/test:appspawn_test_source",
 "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/init_lite/interfaces/innerkits/socket:libsocket_static",
 "//base/startup/init_lite/services/log:init_log",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",