diff --git a/interfaces/innerkits/include/appspawn.h b/interfaces/innerkits/include/appspawn.h
index 4d0c6039202dcb9e3387ae4ac78f0ad2877cf3e1..8a53fdc7edd61fce45602d948c2617b6d35105a8 100644
--- a/interfaces/innerkits/include/appspawn.h
+++ b/interfaces/innerkits/include/appspawn.h
@@ -201,6 +201,7 @@ typedef enum {
     APP_FLAGS_PRE_INSTALLED_HAP = 29,
     APP_FLAGS_GET_ALL_PROCESSES = 30,
     APP_FLAGS_CUSTOM_SANDBOX = 31,
+    APP_FLAGS_ALLOW_IOURING = 33,
     APP_FLAGS_UNLOCKED_STATUS = 34,
     MAX_FLAGS_INDEX = 63,
 } AppFlagsIndex;
diff --git a/modules/common/appspawn_adapter.cpp b/modules/common/appspawn_adapter.cpp
index 09c6c19cdac69764c28c3a31b4758c32eecd1423..88344085fb479f537cb88ad1dd401b1be4e97409 100644
--- a/modules/common/appspawn_adapter.cpp
+++ b/modules/common/appspawn_adapter.cpp
@@ -216,6 +216,11 @@ int SetSeccompFilter(const AppSpawnMgr *content, const AppSpawningCtx *property)
         appName = APP_ATOMIC;
     }
 
+    // Set seccomp policy for processes that have ohos.permission.ALLOW_IOURING.
+    if (CheckAppMsgFlagsSet(property, APP_FLAGS_ALLOW_IOURING) != 0) {
+        appName = APP_ALLOW_IOURING;
+    }
+
     if (!SetSeccompPolicyWithName(type, appName)) {
         APPSPAWN_LOGE("Failed to set %{public}s seccomp filter and exit %{public}d", appName, errno);
         return -EINVAL;
diff --git a/modules/sandbox/modern/appspawn_sandbox.h b/modules/sandbox/modern/appspawn_sandbox.h
index b0065e02b5ba3ab8c48ee9c08615a29ce1795791..74a2b2ff64adb99a4c8d093fbc2b11af4d3c82b8 100644
--- a/modules/sandbox/modern/appspawn_sandbox.h
+++ b/modules/sandbox/modern/appspawn_sandbox.h
@@ -75,6 +75,7 @@ extern "C" {
 #define FILE_ACCESS_MANAGER_MODE "ohos.permission.FILE_ACCESS_MANAGER"
 #define READ_WRITE_USER_FILE_MODE "ohos.permission.READ_WRITE_USER_FILE"
 #define GET_ALL_PROCESSES_MODE "ohos.permission.GET_ALL_PROCESSES"
+#define APP_ALLOW_IOURING "ohos.permission.ALLOW_IOURING"
 
 typedef enum SandboxTag {
     SANDBOX_TAG_MOUNT_PATH = 0,
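Review bot: The new value `APP_FLAGS_ALLOW_IOURING = 33` leaves index 32 unassigned between `APP_FLAGS_CUSTOM_SANDBOX = 31` and `APP_FLAGS_UNLOCKED_STATUS = 34`, and nothing in the hunk says why. If 32 is already taken by a definition or branch outside this diff, a comment on the new line naming its owner, e.g. `APP_FLAGS_ALLOW_IOURING = 33,  // 32 is used elsewhere; see <owner>`, keeps the next flag from colliding with it; if it is simply free, say so. A one-line comment stating that this bit is set only from the ALLOW_IOURING permission (which is what the sandbox hunks in this commit do) would also document the flag's meaning at its declaration.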
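Review bot: The new `if` runs after every other policy selection in SetSeccompFilter, so a process carrying APP_FLAGS_ALLOW_IOURING gets the `APP_ALLOW_IOURING` policy even when an earlier branch chose `APP_ATOMIC` or another more specific policy; if that replacement is intended the comment should say so, e.g. `// ALLOW_IOURING replaces any policy chosen above, including APP_ATOMIC.` The decision is taken from a message flag rather than from the permission itself; the flag is written by UpdateMsgFlagsWithPermission in the sandbox modules only after CheckAppPermissionFlagSet passes, so the relaxed seccomp policy is only as trustworthy as the guarantee that a spawn client cannot arrive with that TLV_MSG_FLAGS bit already set — worth stating in the comment and pinning with a test that a message with the bit but without the permission still gets the default policy. `APP_ALLOW_IOURING` is defined in modules/sandbox/modern/appspawn_sandbox.h in this same commit; unless appspawn_adapter.cpp already includes that header this does not compile, and having common code depend on a sandbox-module header is a layering step back, so defining the policy name next to APP_ATOMIC would be cleaner. SetSeccompFilter begins before this hunk.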
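Review bot: `APP_ALLOW_IOURING` breaks the naming of its neighbours, which all end in `_MODE` (`GET_ALL_PROCESSES_MODE` on the line above), and the literal "ohos.permission.ALLOW_IOURING" is introduced three times in this commit — here, in modules/sandbox/normal/sandbox_def.h and in util/include/appspawn_utils.h — so the permission string can drift between copies. A `_MODE` name such as `ALLOW_IOURING_MODE` and one definition the other sites reuse would keep it consistent. The same string is also passed to SetSeccompPolicyWithName as the policy name in appspawn_adapter.cpp, so the macro carries two roles; a comment noting that the seccomp policy is keyed by the permission string would make that coupling visible to the next reader.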
diff --git a/modules/sandbox/modern/sandbox_manager.c b/modules/sandbox/modern/sandbox_manager.c
index c90d5c623f9e7f68c78313d5de3f52ccdfa784f1..800f5a852bc451949772d83d9d08567113283f1b 100644
--- a/modules/sandbox/modern/sandbox_manager.c
+++ b/modules/sandbox/modern/sandbox_manager.c
@@ -709,18 +709,19 @@ static int AppendPackageNameGids(const AppSpawnSandboxCfg *sandbox, AppSpawningC
     return 0;
 }
 
-static void UpdateMsgFlagsWithPermission(AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property)
+static void UpdateMsgFlagsWithPermission(AppSpawnSandboxCfg *sandbox, AppSpawningCtx *property,
+    const char *permissionMode, uint32_t flag)
 {
-    int32_t allProcessIndex = GetPermissionIndexInQueue(&sandbox->permissionQueue, GET_ALL_PROCESSES_MODE);
-    int res = CheckAppPermissionFlagSet(property, (uint32_t)allProcessIndex);
+    int32_t processIndex = GetPermissionIndexInQueue(&sandbox->permissionQueue, permissionMode);
+    int res = CheckAppPermissionFlagSet(property, (uint32_t)processIndex);
     if (res == 0) {
-        APPSPAWN_LOGV("Don't need set GET_ALL_PROCESSES_MODE flag");
+        APPSPAWN_LOGV("Don't need set %{public}s flag", permissionMode);
         return;
     }
-    int ret = SetAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, APP_FLAGS_GET_ALL_PROCESSES);
+    int ret = SetAppSpawnMsgFlag(property->message, TLV_MSG_FLAGS, flag);
     if (ret != 0) {
-        APPSPAWN_LOGE("Set GET_ALL_PROCESSES_MODE flag failed");
+        APPSPAWN_LOGE("Set %{public}s flag failed", permissionMode);
     }
     return;
 }
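Review bot: Now that UpdateMsgFlagsWithPermission accepts any permissionMode, the cast `(uint32_t)processIndex` on the second new line hides a lookup failure: if GetPermissionIndexInQueue reports a permission that is not in the queue with a negative value (its contract is not visible here), CheckAppPermissionFlagSet is asked about an enormous index and the outcome depends on how that callee bounds it. A guard before the cast, `if (processIndex < 0) { APPSPAWN_LOGW("Permission %{public}s not in queue", permissionMode); return; }`, makes the generic helper safe for every caller-supplied name; the same pattern exists in SandboxCore::UpdateMsgFlagsWithPermission in modules/sandbox/normal/sandbox_core.cpp. The new parameters also deserve a comment above the function, e.g. `// permissionMode: key looked up in sandbox->permissionQueue; flag: AppFlagsIndex bit set in TLV_MSG_FLAGS when that permission is granted`. The trailing `return;` is redundant and can go.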
@@ -780,7 +781,8 @@ int SpawnPrepareSandboxCfg(AppSpawnMgr *content, AppSpawningCtx *property)
         APPSPAWN_LOGW("set sandbox permission flag failed.");
         return APPSPAWN_SANDBOX_ERROR_SET_PERMISSION_FLAG_FAIL;
     }
-    UpdateMsgFlagsWithPermission(sandbox, property);
+    UpdateMsgFlagsWithPermission(sandbox, property, GET_ALL_PROCESSES_MODE, APP_FLAGS_GET_ALL_PROCESSES);
+    UpdateMsgFlagsWithPermission(sandbox, property, APP_ALLOW_IOURING, APP_FLAGS_ALLOW_IOURING);
 
     ret = AppendGids(sandbox, property);
     APPSPAWN_CHECK(ret == 0, return ret, "Failed to add gid for %{public}s", GetProcessName(property));
diff --git a/modules/sandbox/normal/sandbox_core.cpp b/modules/sandbox/normal/sandbox_core.cpp
index 4173e73dc3829453557a850a107694df452fceb4..0959eafb09bd6c6ba8a3b285c4bc94d53f2db71f 100644
--- a/modules/sandbox/normal/sandbox_core.cpp
+++ b/modules/sandbox/normal/sandbox_core.cpp
@@ -104,17 +104,18 @@ bool SandboxCore::CheckMountFlag(const AppSpawningCtx *appProperty, const std::s
     return false;
 }
 
-void SandboxCore::UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty)
+void SandboxCore::UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty,
+    const std::string &permissionMode, uint32_t flag)
 {
-    int32_t processIndex = GetPermissionIndex(nullptr, SandboxCommonDef::GET_ALL_PROCESSES_MODE.c_str());
+    int32_t processIndex = GetPermissionIndex(nullptr, permissionMode.c_str());
     if ((CheckAppPermissionFlagSet(appProperty, static_cast(processIndex)) == 0)) {
-        APPSPAWN_LOGV("Don't need set GET_ALL_PROCESSES_MODE flag");
+        APPSPAWN_LOGV("Don't need set %{public}s flag", permissionMode.c_str());
         return;
     }
-    int ret = SetAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, APP_FLAGS_GET_ALL_PROCESSES);
+    int ret = SetAppSpawnMsgFlag(appProperty->message, TLV_MSG_FLAGS, flag);
     if (ret != 0) {
-        APPSPAWN_LOGV("Set GET_ALL_PROCESSES_MODE flag failed");
+        APPSPAWN_LOGV("Set %{public}s flag failed", permissionMode.c_str());
     }
 }
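Review bot: The failure path on the last changed line of SandboxCore::UpdateMsgFlagsWithPermission logs with APPSPAWN_LOGV, so a SetAppSpawnMsgFlag failure for a permission-derived flag is visible only at verbose level, while the C counterpart in modules/sandbox/modern/sandbox_manager.c logs the same failure with APPSPAWN_LOGE. Since the commit rewrites this line anyway, `APPSPAWN_LOGE("Set %{public}s flag failed", permissionMode.c_str());` would make the two implementations agree and keep a silently missing flag out of the quiet path. The unchanged `if` line reads `static_cast(processIndex)` in this rendering, which looks like a lost template argument rather than the real source — worth confirming against the file. A short comment above the function describing `permissionMode` as the permission looked up via GetPermissionIndex and `flag` as the TLV_MSG_FLAGS bit set when it is granted would document the widened contract.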
@@ -898,10 +899,10 @@ int32_t SandboxCore::SetAppSandboxProperty(AppSpawningCtx *appProperty, uint32_t
         APPSPAWN_LOGW("Set app permission flag fail.");
         return -1;
     }
-    UpdateMsgFlagsWithPermission(appProperty);
+    UpdateMsgFlagsWithPermission(appProperty, SandboxCommonDef::GET_ALL_PROCESSES_MODE, APP_FLAGS_GET_ALL_PROCESSES);
+    UpdateMsgFlagsWithPermission(appProperty, SandboxCommonDef::APP_ALLOW_IOURING, APP_FLAGS_ALLOW_IOURING);
     // check app sandbox switch
-    if ((SandboxCommon::IsTotalSandboxEnabled(appProperty) == false) ||
-        (SandboxCommon::IsAppSandboxEnabled(appProperty) == false)) {
+    if (!SandboxCommon::IsTotalSandboxEnabled(appProperty) || !SandboxCommon::IsAppSandboxEnabled(appProperty)) {
         rc = DoSandboxRootFolderCreateAdapt(sandboxPackagePath);
     } else if (!sandboxSharedStatus) {
         rc = DoSandboxRootFolderCreate(appProperty, sandboxPackagePath);
diff --git a/modules/sandbox/normal/sandbox_core.h b/modules/sandbox/normal/sandbox_core.h
index 9f379b7206054b83d7d222d5c1aeee471b8d10b9..2d61cd18bcf9f61defa3649968dde6f3cd949161 100644
--- a/modules/sandbox/normal/sandbox_core.h
+++ b/modules/sandbox/normal/sandbox_core.h
@@ -74,7 +74,8 @@ private:
     static uint32_t GetAppMsgFlags(const AppSpawningCtx *property);
     static bool CheckMountFlag(const AppSpawningCtx *appProperty, const std::string bundleName, cJSON *appConfig);
-    static void UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty);
+    static void UpdateMsgFlagsWithPermission(AppSpawningCtx *appProperty,
+        const std::string &permissionMode, uint32_t flag);
     static int32_t UpdatePermissionFlags(AppSpawningCtx *appProperty);
     static std::string GetSandboxPath(const AppSpawningCtx *appProperty, cJSON *mntPoint, const std::string §ion, std::string sandboxRoot);
diff --git a/modules/sandbox/normal/sandbox_def.h b/modules/sandbox/normal/sandbox_def.h
index 2762d14bb3f72f1b0264f512243470af576a9f0a..be6b7deb6b9daf4320bec14ff187ba87cffa61e8 100644
--- a/modules/sandbox/normal/sandbox_def.h
+++ b/modules/sandbox/normal/sandbox_def.h
@@ -146,6 +146,7 @@ const std::string ACCESS_DLP_FILE_MODE = "ohos.permission.ACCESS_DLP_FILE";
 const std::string FILE_ACCESS_MANAGER_MODE = "ohos.permission.FILE_ACCESS_MANAGER";
 const std::string READ_WRITE_USER_FILE_MODE = "ohos.permission.READ_WRITE_USER_FILE";
 const std::string GET_ALL_PROCESSES_MODE = "ohos.permission.GET_ALL_PROCESSES";
+const std::string APP_ALLOW_IOURING = "ohos.permission.ALLOW_IOURING";
 const std::string ARK_WEB_PERSIST_PACKAGE_NAME = "persist.arkwebcore.package_name";
 
 // 枚举类型
diff --git a/util/include/appspawn_utils.h b/util/include/appspawn_utils.h
index 2d1965551fcb024e4240559918ec6a63c4f1d2ce..d876834432fcea828a05a31b11043baab734a6ce 100644
--- a/util/include/appspawn_utils.h
+++ b/util/include/appspawn_utils.h
@@ -102,7 +102,8 @@ typedef struct TagAppSpawnCommonEnv {
 
 /* spawner permission */
 static const char *g_spawnerPermissionList[] = {
-    "ohos.permission.FOWNER"
+    "ohos.permission.FOWNER",
+    "ohos.permission.ALLOW_IOURING"
 };
 
 typedef enum {
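Review bot: The second entry in `g_spawnerPermissionList` turns a one-element table into two, but the hunk does not show how the table is consumed; any user that hard-codes a count of one instead of deriving it from `sizeof` would silently ignore the new entry, so the consumers are worth checking and a comment on the array, `/* spawner permission: length must be derived with sizeof, never hard-coded */`, would lock that in. The literal "ohos.permission.ALLOW_IOURING" is also defined as a named constant in both sandbox headers touched by this commit; if include layering allows, reusing one of them here avoids a third copy that can drift. Because the array is `static` in a header, every translation unit that includes appspawn_utils.h carries its own copy — that predates this change, but it grows with each entry and an `extern` declaration with one definition in a .c file would remove it.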