diff --git a/BUILD.gn b/BUILD.gn
index d0e4d285e6305573c2ec2e587a4a91c2c4dc434f..9f52f15959b28689120954cd6a9d2272a3adcaaf 100755
--- a/BUILD.gn
+++ b/BUILD.gn
@@ -39,7 +39,15 @@ config("appspawn_config") {
 ohos_executable("appspawn") {
 sources = [ "${appspawn_path}/src/main.cpp" ]
 configs = [ ":appspawn_config" ]
- deps = [ "${appspawn_path}:appspawn_server" ]
+ include_dirs = [
+ "//base/security/access_token/interfaces/innerkits/token_setproc/include",
+ "//base/security/selinux/interfaces/policycoreutils/include",
+ ]
+ deps = [
+ "${appspawn_path}:appspawn_server",
+ "//base/security/access_token/interfaces/innerkits/token_setproc:libtoken_setproc",
+ "//base/security/selinux:libload_policy",
+ ]
 external_deps = [ "hiviewdfx_hilog_native:libhilog" ]
 install_enable = true
diff --git a/interfaces/innerkits/include/client_socket.h b/interfaces/innerkits/include/client_socket.h
index 2706a7c31bef2a7a6b966492e579eb6ffaa405cf..7bcb0c7f774b962c13b1184395ac1e4d75e9d6b5 100644
--- a/interfaces/innerkits/include/client_socket.h
+++ b/interfaces/innerkits/include/client_socket.h
@@ -87,6 +87,7 @@ public:
 static constexpr int LEN_PROC_NAME = 256; // process name length
 static constexpr int LEN_SO_PATH = 256; // load so lib
 static constexpr int MAX_GIDS = 64;
+ static constexpr int APL_MAX_LEN = 32;
 struct AppProperty {
 uint32_t uid; // the UNIX uid that the child process setuid() to after fork()
@@ -95,6 +96,8 @@ public:
 uint32_t gidCount; // the size of gidTable
 char processName[LEN_PROC_NAME]; // process name
 char soPath[LEN_SO_PATH]; // so lib path
+ uint32_t accessTokenId;
+ char apl[APL_MAX_LEN];
 };
 private:
diff --git a/src/appspawn_server.cpp b/src/appspawn_server.cpp
index 38ccf1e4f6302be67dfb68f9007080e5288a5ac7..687f67e049e446023a5cb267b660a50126f737ff 100644
--- a/src/appspawn_server.cpp
+++ b/src/appspawn_server.cpp
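Review bot: The fields added to `AppProperty` in client_socket.h (`accessTokenId`, `apl`) and the new `APL_MAX_LEN` constant in the hunk before it carry no comments, although most neighbouring fields and constants have one, and nothing states that `apl` must be NUL-terminated within its 32 bytes. Later in this commit `apl` is passed directly to `HapDomainSetcontext()`, so I would document the contract, for example `uint32_t accessTokenId; // access token id applied to the child process` and `char apl[APL_MAX_LEN]; // APL string, NUL-terminated` (the exact meaning of "apl" is inferred from the name; confirm). Appending fields also changes `sizeof(AppProperty)`; if this struct is the message exchanged over the spawn socket, as its location in the client header suggests, clients and the server have to be rebuilt together. The struct begins outside this hunk.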
@@ -27,6 +27,12 @@
 #include "hilog/log.h"
 #include "main_thread.h"
 #include "securec.h"
+#include "token_setproc.h"
+#include "hap_restorecon.h"
+#include "bundle_mgr_interface.h"
+#include "if_system_ability_manager.h"
+#include "iservice_registry.h"
+#include "system_ability_definition.h"
 #include
 #include
@@ -420,6 +426,17 @@ bool AppSpawnServer::SetAppProcProperty(int connectFd, const ClientSocket::AppPr
 return false;
 }
+ ret = SetSelfTokenID(appProperty->accessTokenId);
+ if (ret != 0) {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to set access token id, errno = %{public}d", errno);
+ }
+
+ HapContext hapContext;
+ ret = hapContext.HapDomainSetcontext(appProperty->apl, appProperty->processName);
+ if (ret != 0) {
+ HiLog::Error(LABEL, "AppSpawnServer::Failed to hap domain set context, errno = %{public}d", errno);
+ }
+
 ret = SetProcessName(longProcName, longProcNameLen, appProperty->processName, strlen(appProperty->processName) + 1);
 if (FAILED(ret)) {
 NotifyResToParentProc(fd[1], ret);
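Review bot: Of the six headers added in the include hunk, only `token_setproc.h` and `hap_restorecon.h` have a visible use in this diff (`SetSelfTokenID` and `HapContext`); `bundle_mgr_interface.h`, `if_system_ability_manager.h`, `iservice_registry.h` and `system_ability_definition.h` look unused. If no code outside the visible hunks needs them, drop them so the spawner does not pick up bundle-manager and system-ability dependencies it does not use. Separately, BUILD.gn adds the matching `include_dirs` and `deps` only to the `appspawn` executable, whose sources list is main.cpp, so it is worth checking that the target compiling appspawn_server.cpp can resolve the two headers it does use.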
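Review bot: Both new failure branches in the SetAppProcProperty hunk only log and fall through: if `SetSelfTokenID()` or `HapDomainSetcontext()` fails, the child continues to `SetProcessName()` and keeps whatever access token and SELinux context it had before the call, presumably those inherited from appspawn. The surrounding code treats failures as fatal (`return false;` just above, `NotifyResToParentProc(fd[1], ret);` just below), so I would add `NotifyResToParentProc(fd[1], ret);` and `return false;` inside both `if (ret != 0)` blocks, or leave a comment stating why continuing is acceptable. The messages print `errno`, which may be stale if these calls report errors through their return value; logging `ret` as well would make failures diagnosable. `appProperty->apl` is a fixed-size array filled by the client, and no length or termination check is visible before it is used as a string. SetAppProcProperty begins and ends outside this hunk.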