diff --git a/frameworks/js/napi/session/src/napi_session.cpp b/frameworks/js/napi/session/src/napi_session.cpp
index 99c006fbf30d030c8b7a1ce3d39390577f7d944d..567b799ef97396aae4ed4180c0547b9df93cf7f1 100644
--- a/frameworks/js/napi/session/src/napi_session.cpp
+++ b/frameworks/js/napi/session/src/napi_session.cpp
@@ -75,7 +75,7 @@ void NapiSession::ExecuteWork(napi_env env)
 }
 
 // JS thread, which is used to notify the JS page upon completion of the operation.
-void NapiSession::CompleteWork(napi_env env, napi_status status, void *data)
+void NapiSession::CompleteWork(napi_env env, napi_status status, void *data) __attribute__((no_sanitize("cfi")))
 {
     auto sess = reinterpret_cast<NapiSession *>(data);
     PARAM_CHECK(sess != nullptr && sess->GetNapiClient() != nullptr, return, "Session is null pointer");
@@ -89,7 +89,7 @@ void NapiSession::CompleteWork(napi_env env, napi_status status, void *data)
 
 // The C++ thread executes the synchronization operation. After the synchronization is complete,
 // the CompleteWork is called to notify the JS page of the completion of the operation.
-void NapiSession::ExecuteWork(napi_env env, void *data)
+void NapiSession::ExecuteWork(napi_env env, void *data) __attribute__((no_sanitize("cfi")))
 {
     auto sess = reinterpret_cast<NapiSession *>(data);
     PARAM_CHECK(sess != nullptr, return, "sess is null");
diff --git a/frameworks/js/napi/update/BUILD.gn b/frameworks/js/napi/update/BUILD.gn
index 7afa4825575dfa0c22725168266a76b34c81017d..36390c4de0980458c3bdb37764a49ddc374f228a 100644
--- a/frameworks/js/napi/update/BUILD.gn
+++ b/frameworks/js/napi/update/BUILD.gn
@@ -23,7 +23,6 @@ ohos_shared_library("$updateengine_client_library_name") {
     cfi = true
     cfi_cross_dso = true
     debug = false
-    blocklist = "./cfi_blocklist.txt"
   }
   branch_protector_ret = "pac_ret"
 
diff --git a/frameworks/js/napi/update/include/update_session.h b/frameworks/js/napi/update/include/update_session.h
index dfe615f1055cdf4acea790e73c593ef8871bfccb..319888e4cc53120a70b70c6d23b0551807b85ba0 100644
--- a/frameworks/js/napi/update/include/update_session.h
+++ b/frameworks/js/napi/update/include/update_session.h
@@ -35,7 +35,7 @@ public:
 
     ~BaseUpdateSession() override = default;
 
-    void GetUpdateResult(UpdateResult &result)
+    void GetUpdateResult(UpdateResult &result) __attribute__((no_sanitize("cfi")))
     {
         result.businessError = businessError_;
         IUpdater *migrateClient = static_cast<IUpdater *>(client_);
@@ -71,7 +71,7 @@ public:
         size_t callbackNumber = 0)
         : BasePromiseSession<UpdateResult>(client, sessionParams, argc, callbackNumber) {}
 
-    void GetUpdateResult(UpdateResult &result)
+    void GetUpdateResult(UpdateResult &result) __attribute__((no_sanitize("cfi")))
     {
         result.businessError = businessError_;
         IUpdater *migrateClient = static_cast<IUpdater *>(client_);
diff --git a/frameworks/js/napi/update/src/session_manager.cpp b/frameworks/js/napi/update/src/session_manager.cpp
index 58ded00475d7eab4cdf61c8ef855d1564d45fe4d..fb40d6e0beff79f5bd200e181efa07b76f4309e8 100644
--- a/frameworks/js/napi/update/src/session_manager.cpp
+++ b/frameworks/js/napi/update/src/session_manager.cpp
@@ -85,6 +85,7 @@ bool SessionManager::GetNextSessionId(uint32_t &sessionId)
 }
 
 int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t argc, napi_value arg)
+    __attribute__((no_sanitize("cfi")))
 {
     napi_handle_scope scope;
     napi_status status = napi_open_handle_scope(env_, &scope);
@@ -120,6 +121,7 @@ int32_t SessionManager::ProcessUnsubscribe(const std::string &eventType, size_t
 }
 
 void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, napi_value handle)
+    __attribute__((no_sanitize("cfi")))
 {
     std::lock_guard<std::recursive_mutex> guard(sessionMutex_);
     for (auto iter = sessions_.begin(); iter != sessions_.end();) {
@@ -153,6 +155,7 @@ void SessionManager::Unsubscribe(const EventClassifyInfo &eventClassifyInfo, nap
 }
 
 BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string &eventType, napi_value arg)
+    __attribute__((no_sanitize("cfi")))
 {
     uint32_t nextSessId = 0;
     bool hasNext = GetFirstSessionId(nextSessId);
@@ -176,7 +179,7 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const std::string
 }
 
 BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassifyInfo &eventClassifyInfo,
-    napi_value arg)
+    napi_value arg) __attribute__((no_sanitize("cfi")))
 {
     std::lock_guard<std::recursive_mutex> guard(sessionMutex_);
     for (auto &iter : sessions_) {
@@ -197,6 +200,7 @@ BaseSession *SessionManager::FindSessionByHandle(napi_env env, const EventClassi
 }
 
 void SessionManager::PublishToJS(const EventClassifyInfo &eventClassifyInfo, const EventInfo &eventInfo)
+    __attribute__((no_sanitize("cfi")))
 {
     napi_handle_scope scope;
     napi_status status = napi_open_handle_scope(env_, &scope);
diff --git a/frameworks/js/napi/update/src/update_client.cpp b/frameworks/js/napi/update/src/update_client.cpp
index 2bc0d39d388e274270fd26869abc563e762c1dd6..cb19f441b677931e2828733ffe99ae32c9aee016 100644
--- a/frameworks/js/napi/update/src/update_client.cpp
+++ b/frameworks/js/napi/update/src/update_client.cpp
@@ -106,7 +106,7 @@ void UpdateClient::UnRegisterCallback()
     UpdateServiceKits::GetInstance().UnregisterUpdateCallback(upgradeInfo_);
 }
 
-napi_value UpdateClient::CheckNewVersion(napi_env env, napi_callback_info info)
+napi_value UpdateClient::CheckNewVersion(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     SessionParams sessionParams(SessionType::SESSION_CHECK_VERSION, CALLBACK_POSITION_ONE, true);
     napi_value ret = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -117,7 +117,7 @@ napi_value UpdateClient::CheckNewVersion(napi_env env, napi_callback_info info)
     return ret;
 }
 
-napi_value UpdateClient::CancelUpgrade(napi_env env, napi_callback_info info)
+napi_value UpdateClient::CancelUpgrade(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     ENGINE_LOGI("CancelUpgrade");
     SessionParams sessionParams(SessionType::SESSION_CANCEL_UPGRADE, CALLBACK_POSITION_ONE, true);
@@ -162,7 +162,7 @@ template <typename T> ClientStatus UpdateClient::ParseUpgOptions(napi_env env, n
     return ClientStatus::CLIENT_SUCCESS;
 }
 
-napi_value UpdateClient::Download(napi_env env, napi_callback_info info)
+napi_value UpdateClient::Download(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -187,7 +187,7 @@ napi_value UpdateClient::Download(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::PauseDownload(napi_env env, napi_callback_info info)
+napi_value UpdateClient::PauseDownload(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -211,7 +211,7 @@ napi_value UpdateClient::PauseDownload(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::ResumeDownload(napi_env env, napi_callback_info info)
+napi_value UpdateClient::ResumeDownload(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -235,7 +235,7 @@ napi_value UpdateClient::ResumeDownload(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::Upgrade(napi_env env, napi_callback_info info)
+napi_value UpdateClient::Upgrade(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -259,7 +259,7 @@ napi_value UpdateClient::Upgrade(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::ClearError(napi_env env, napi_callback_info info)
+napi_value UpdateClient::ClearError(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -283,7 +283,7 @@ napi_value UpdateClient::ClearError(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::TerminateUpgrade(napi_env env, napi_callback_info info)
+napi_value UpdateClient::TerminateUpgrade(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -299,7 +299,7 @@ napi_value UpdateClient::TerminateUpgrade(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::SetUpgradePolicy(napi_env env, napi_callback_info info)
+napi_value UpdateClient::SetUpgradePolicy(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -321,7 +321,7 @@ napi_value UpdateClient::SetUpgradePolicy(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::GetUpgradePolicy(napi_env env, napi_callback_info info)
+napi_value UpdateClient::GetUpgradePolicy(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     SessionParams sessionParams(SessionType::SESSION_GET_POLICY, CALLBACK_POSITION_ONE, true);
     napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -332,7 +332,7 @@ napi_value UpdateClient::GetUpgradePolicy(napi_env env, napi_callback_info info)
     return retValue;
 }
 
-napi_value UpdateClient::GetNewVersionInfo(napi_env env, napi_callback_info info)
+napi_value UpdateClient::GetNewVersionInfo(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     SessionParams sessionParams(SessionType::SESSION_GET_NEW_VERSION, CALLBACK_POSITION_ONE, true);
     napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -369,6 +369,7 @@ napi_value UpdateClient::GetNewVersionDescription(napi_env env, napi_callback_in
 }
 
 napi_value UpdateClient::GetCurrentVersionInfo(napi_env env, napi_callback_info info)
+    __attribute__((no_sanitize("cfi")))
 {
     SessionParams sessionParams(SessionType::SESSION_GET_CUR_VERSION, CALLBACK_POSITION_ONE, true);
     napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int {
@@ -381,6 +382,7 @@ napi_value UpdateClient::GetCurrentVersionInfo(napi_env env, napi_callback_info
 }
 
 napi_value UpdateClient::GetCurrentVersionDescription(napi_env env, napi_callback_info info)
+    __attribute__((no_sanitize("cfi")))
 {
     size_t argc = MAX_ARGC;
     napi_value args[MAX_ARGC] = { 0 };
@@ -404,7 +406,7 @@ napi_value UpdateClient::GetCurrentVersionDescription(napi_env env, napi_callbac
     return retValue;
 }
 
-napi_value UpdateClient::GetTaskInfo(napi_env env, napi_callback_info info)
+napi_value UpdateClient::GetTaskInfo(napi_env env, napi_callback_info info) __attribute__((no_sanitize("cfi")))
 {
     SessionParams sessionParams(SessionType::SESSION_GET_TASK_INFO, CALLBACK_POSITION_ONE, true);
     napi_value retValue = StartSession(env, info, sessionParams, [=](void *context) -> int {
diff --git a/services/engine/BUILD.gn b/services/engine/BUILD.gn
index c88b23cfe3feb668aa9eb1b0740dd9205d2299d6..8404e37349b1b3926a15d25fe434a6e1281cf65d 100644
--- a/services/engine/BUILD.gn
+++ b/services/engine/BUILD.gn
@@ -33,6 +33,16 @@ ohos_prebuilt_etc("updater_sa.cfg") {
 }
 
 ohos_shared_library("$updateengine_library_name") {
+  sanitize = {
+    integer_overflow = true
+    ubsan = true
+    boundary_sanitize = true
+    cfi = true
+    cfi_cross_dso = true
+    debug = false
+  }
+  branch_protector_ret = "pac_ret"
+
   shlib_type = "sa"
   include_dirs = sa_include_dirs
   sources = sa_sources