diff --git a/BUILD.gn b/BUILD.gn
index 400c068e8108b9b471c488389df59d972c58f5d8..0ec9775fa8d457e441545863ff5efabd3d17a159 100644
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -35,6 +35,7 @@ config("appspawn_config") {
 "//base/security/access_token/interfaces/innerkits/token_setproc/include",
 "//base/startup/init_lite/services/log",
 "//base/startup/init_lite/interfaces/innerkits/include",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox/include",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include",
 ]
@@ -72,6 +73,7 @@ ohos_static_library("appspawn_server") {
 "${aafwk_path}/frameworks/kits/appkit:appkit_native",
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
 "//base/startup/init_lite/services/log:init_log",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
 "//utils/native/base:utils",
 ]
@@ -149,6 +151,7 @@ ohos_static_library("nwebspawn_server") {
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
 "//base/startup/init_lite/interfaces/innerkits/socket:libsocket_static",
 "//base/startup/init_lite/services/log:init_log",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
 "//utils/native/base:utils",
 ]
diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp
index c263b983ee09dd72d0a16b04c0fdcd12cfeb648e..352f7ecbad073f45f9585fde968c54d6340bbafb 100644
--- a/src/appspawn_server.cpp
+++ b/src/appspawn_server.cpp
@@ -43,6 +43,8 @@
 #include "parameter.h"
 #include "parameters.h"
 #include "beget_ext.h"
+#include "sandbox.h"
+#include "sandbox_namespace.h"
 #ifdef WITH_SELINUX
 #include "hap_restorecon.h"
 #endif
@@ -345,6 +347,40 @@ int AppSpawnServer::DoColdStartApp(ClientSocket::AppProperty *appProperty, int f
 return 0;
 }
+void AppSpawnServer::RegisterSandbox(const char *sandbox)
+{
+ if (sandbox == NULL) {
+ HiLog::Error(LABEL, "AppSpawnServer::invalid parameters");
+ return;
+ }
+ InitDefaultNamespace();
+ if (!InitSandboxWithName(sandbox)) {
+ CloseDefaultNamespace();
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to init sandbox with name %s", sandbox);
+ return;
+ }
+
+ DumpSandboxByName(sandbox);
+ if (PrepareSandbox(sandbox) != 0) {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to prepare sandbox %s", sandbox);
+ DestroySandbox(sandbox);
+ CloseDefaultNamespace();
+ return;
+ }
+ if (EnterDefaultNamespace() < 0) {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to set default namespace");
+ DestroySandbox(sandbox);
+ CloseDefaultNamespace();
+ return;
+ }
+ CloseDefaultNamespace();
+ if (strcmp(sandbox, "app") == 0) {
+ isAppSandboxCreated_ = true;
+ } else if (strcmp(sandbox, "priv-app") == 0) {
+ isPrivAppSandboxCreated_ = true;
+ }
+}
+
 static int WaitChild(int fd, int pid, ClientSocket::AppProperty *appProperty)
 {
 int result = 0;
@@ -380,6 +416,16 @@ int AppSpawnServer::StartApp(char *longProcName, int64_t longProcNameLen,
 fcntl(fd[0], F_SETFL, O_NONBLOCK);
 InstallSigHandler();
+ if (isPrivAppSandboxCreated_ == false) {
+ if (strcmp("system_basic", appProperty->apl) == 0) {
+ RegisterSandbox("priv-app");
+ }
+ }
+ if (isAppSandboxCreated_ == false) {
+ if (strcmp("normal", appProperty->apl) == 0) {
+ RegisterSandbox("app");
+ }
+ }
 pid = fork();
 if (pid < 0) {
 HiLog::Error(LABEL, "AppSpawnServer::Failed to fork new process, errno = %{public}d", errno);
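Review bot: RegisterSandbox reports every failure (null name, InitSandboxWithName, PrepareSandbox, EnterDefaultNamespace) only through the log and returns void, so the caller in StartApp has no way to learn that no sandbox exists and still goes on to fork the app. Declare it `bool AppSpawnServer::RegisterSandbox(const char *sandbox)` (with the matching change to the declaration in appspawn_server.h), turn each early `return;` into `return false;` and finish with `return true;` after the flag is set, so StartApp can refuse to spawn when the sandbox is missing. `DumpSandboxByName(sandbox)` runs on every successful init; if it is a diagnostic dump it belongs behind a debug condition rather than on the production path, though its cost is not visible in this diff. The function also has no header comment; something like `// Initializes and prepares the named sandbox ("app" or "priv-app") once per server instance. On success the matching isAppSandboxCreated_/isPrivAppSandboxCreated_ flag is set; on failure the partially created sandbox is destroyed and the flag stays false, so the next StartApp retries.` would document the contract the caller relies on.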
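Review bot: `strcmp("system_basic", appProperty->apl)` and `strcmp("normal", appProperty->apl)` treat the client-supplied apl as a NUL-terminated string; AppProperty is populated from the spawn request, and if apl is a fixed-size char array a request that fills it completely makes strcmp read past the field (the struct definition is not in this diff, so confirm it is terminated when the request is parsed). If it is an array, compare with `strncmp(appProperty->apl, "normal", sizeof(appProperty->apl)) == 0` or reject unterminated values on receipt. An apl that matches neither string registers no sandbox at all, and a failed RegisterSandbox is not observable here, so in both cases the code falls through to `pid = fork()` and spawns anyway. As a style point, `isPrivAppSandboxCreated_ == false` reads better as `!isPrivAppSandboxCreated_`, and the two nested ifs can each be a single condition. StartApp continues outside this hunk.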
@@ -387,6 +433,13 @@ int AppSpawnServer::StartApp(char *longProcName, int64_t longProcNameLen,
 close(fd[1]);
 return -errno;
 } else if (pid == 0) {
+ if (strcmp("system_basic", appProperty->apl) == 0) {
+ EnterSandbox("priv-app");
+ } else if (strcmp("normal", appProperty->apl) == 0) {
+ EnterSandbox("app");
+ } else {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to match appspawn sandbox");
+ }
 InitDebugParams(appProperty);
 SpecialHandle(appProperty);
 // close socket connection and peer socket in child process
@@ -883,8 +936,7 @@ int32_t AppSpawnServer::SetAppSandboxProperty(const ClientSocket::AppProperty *a
 int rc = 0;
 // create /mnt/sandbox/ path, later put it to rootfs module
- std::string sandboxPackagePath = "/mnt/sandbox/";
- mkdir(sandboxPackagePath.c_str(), FILE_MODE);
+ std::string sandboxPackagePath = "/";
 sandboxPackagePath += appProperty->bundleName;
 mkdir(sandboxPackagePath.c_str(), FILE_MODE);
diff --git a/src/include/appspawn_server.h b/src/include/appspawn_server.h
index cda398e7b458cc0702e3f990fc7bff8fe638ee7c..a28028473a8f567e34980b52b8b2a7be8ce052c0 100644
--- a/src/include/appspawn_server.h
+++ b/src/include/appspawn_server.h
@@ -195,6 +195,8 @@ private:
 void HandleSignal();
 void QuickExitMain();
+
+ void RegisterSandbox(const char *sandbox);
 private:
 const std::string deviceNull_ = "/dev/null";
 std::string socketName_ {};
@@ -209,6 +211,8 @@ private:
 bool isChildDie_ { false };
 pid_t childPid_ {};
 std::map appMap_;
+ bool isAppSandboxCreated_ {false};
+ bool isPrivAppSandboxCreated_ {false};
 #ifdef NWEB_SPAWN
 void *nwebHandle = nullptr;
 #endif
diff --git a/test/unittest/app_spawn_server_test/BUILD.gn b/test/unittest/app_spawn_server_test/BUILD.gn
index 83a07f4e460c9845231b0c329dfc9569dea90fb6..95ac6bbe94269849b96f7f09f96815cb56e6003c 100644
--- a/test/unittest/app_spawn_server_test/BUILD.gn
+++ b/test/unittest/app_spawn_server_test/BUILD.gn
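Review bot: The child ignores the result of `EnterSandbox("priv-app")` / `EnterSandbox("app")` and, for an apl that matches neither string, only logs "Failed to match appspawn sandbox", so in both cases it continues into InitDebugParams and SpecialHandle and launches the app outside any sandbox — the new code fails open. Whether EnterSandbox can signal failure through its return value is not visible here (sandbox.h is not in the diff); if it can, the child should stop when entering fails or when no sandbox is selected, using the same failure path the rest of the child branch uses, which lies outside this hunk. Resolving the sandbox name first also removes the duplicated strcmp chain that the parent already evaluates before fork(). Proposed shape of the child branch:
```cpp
} else if (pid == 0) {
    // Pick the sandbox for this APL; anything else gets no sandbox and must not be launched.
    const char *sandboxName = nullptr;
    if (strcmp("system_basic", appProperty->apl) == 0) {
        sandboxName = "priv-app";
    } else if (strcmp("normal", appProperty->apl) == 0) {
        sandboxName = "app";
    }
    // Fail closed: never run the app outside its sandbox.
    // TODO(review): confirm EnterSandbox's failure convention in sandbox.h.
    if (sandboxName == nullptr || EnterSandbox(sandboxName) != 0) {
        HiLog::Error(LABEL, "AppSpawnServer::Failed to enter appspawn sandbox");
        _exit(1);  // or the child's existing error path, not visible in this hunk
    }
    // … unchanged: InitDebugParams, SpecialHandle, socket close-down …
```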
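Review bot: `sandboxPackagePath = "/"` followed by `+= appProperty->bundleName` and `mkdir` now creates a directory directly under the root from a client-supplied name, and nothing in this hunk rejects a bundleName containing '/' or equal to "..", so such a name would point mkdir at an arbitrary path; if the name is validated when the request is parsed this is moot, but the check is cheap to repeat here: `std::string name = appProperty->bundleName; if (name.empty() || name == "." || name == ".." || name.find('/') != std::string::npos) { return -1; }` (the function's error-code convention is outside the hunk — use whatever its other early returns use). The surviving context comment `// create /mnt/sandbox/ path, later put it to rootfs module` now describes the removed line; if the namespace work earlier in StartApp makes "/" the sandbox root rather than the real root, say so, e.g. `// create /<bundleName> directly under the sandbox root (the mount namespace was entered in StartApp)`. The mkdir return value is still ignored, which predates this change. SetAppSandboxProperty starts and ends outside this hunk.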
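Review bot: The two new flags `isAppSandboxCreated_` and `isPrivAppSandboxCreated_` carry no comment, and their meaning is only recoverable from appspawn_server.cpp: they are set at the end of RegisterSandbox's success path and tested in StartApp before every fork, and a failed registration leaves them false so the whole InitDefaultNamespace/InitSandboxWithName sequence is retried on the next spawn request. Document that on the declarations, e.g. `bool isAppSandboxCreated_ {false};  // "app" sandbox prepared by RegisterSandbox; rechecked before every fork` and the same for the priv-app flag. If retrying on every request after a failure is unintended, a separate "attempted" state would avoid repeating the namespace setup per spawn.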
@@ -21,6 +21,7 @@ ohos_unittest("AppSpawnServerOverrideTest") {
 "//base/security/access_token/interfaces/innerkits/token_setproc/include",
 "//base/startup/init_lite/services/log",
 "//base/startup/init_lite/interfaces/innerkits/include",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox/include",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include",
 ]
@@ -41,6 +42,7 @@ ohos_unittest("AppSpawnServerOverrideTest") {
 "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
 "//base/startup/init_lite/services/log:init_log",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
 ]
@@ -68,6 +70,7 @@ ohos_unittest("AppSpawnServerMockTest") {
 "//base/security/access_token/interfaces/innerkits/token_setproc/include",
 "//base/startup/init_lite/services/log",
 "//base/startup/init_lite/interfaces/innerkits/include",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox/include",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara/include",
 ]
@@ -89,6 +92,7 @@ ohos_unittest("AppSpawnServerMockTest") {
 "//base/startup/init_lite/interfaces/innerkits:libbegetutil",
 "//base/startup/init_lite/interfaces/innerkits/socket:libsocket_static",
 "//base/startup/init_lite/services/log:init_log",
+ "//base/startup/init_lite/interfaces/innerkits/sandbox:libsandbox",
 "//base/startup/syspara_lite/interfaces/innerkits/native/syspara:syspara",
 ]