diff --git a/frameworks/common/include/sandbox_manager_log.h b/frameworks/common/include/sandbox_manager_log.h
index 64057a9cdb52bd570f7f22a63ed818dd0ab2266e..72510f457053ae8d789b7c6704af800b02ee8b60 100644
--- a/frameworks/common/include/sandbox_manager_log.h
+++ b/frameworks/common/include/sandbox_manager_log.h
@@ -16,6 +16,19 @@
 #ifndef SANDBOXMANAGER_LOG_H
 #define SANDBOXMANAGER_LOG_H
 
+#include <string>
+namespace OHOS {
+namespace AccessControl {
+namespace SandboxManager {
+
+class SandboxManagerLog {
+public:
+    static std::string MaskRealPath(const char *path);
+};
+} // namespace SandboxManager
+} // namespace AccessControl
+} // namespace OHOS
+
 #ifdef HILOG_ENABLE
 
 #include "hilog/log.h"
diff --git a/frameworks/sandbox_manager/BUILD.gn b/frameworks/sandbox_manager/BUILD.gn
index 89a5d2187408c5b63d6cde22e88e9e859a4573f4..42210372df3ff2b4480bf95398ac6fbb4e1950af 100644
--- a/frameworks/sandbox_manager/BUILD.gn
+++ b/frameworks/sandbox_manager/BUILD.gn
@@ -97,6 +97,7 @@ ohos_shared_library("sandbox_manager_communication_adapter_cxx") {
     "src/policy_info_parcel.cpp",
     "src/policy_info_vector_parcel.cpp",
     "src/sandbox_manager_dfx_helper.cpp",
+    "src/sandbox_manager_log.cpp",
   ]
 
   external_deps = [
diff --git a/frameworks/sandbox_manager/src/sandbox_manager_log.cpp b/frameworks/sandbox_manager/src/sandbox_manager_log.cpp
new file mode 100644
index 0000000000000000000000000000000000000000..1501d5aba5d0d423a00300f29a81a18de224e82e
--- /dev/null
+++ b/frameworks/sandbox_manager/src/sandbox_manager_log.cpp
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2025 Huawei Device Co., Ltd.
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+
+#include <iostream>
+#include <sstream>
+#include <vector>
+#include "sandbox_manager_log.h"
+
+namespace OHOS {
+namespace AccessControl {
+namespace SandboxManager {
+
+#define FIRST_MASK_PART  2    /* /aa, / is 1, aa is 2 */
+#define MASK_INFO  "***"
+#define DOUBLE_POINT  2
+const std::string EMPTY_PATH = "empty path";
+
+static std::string AddTail(std::vector<std::string> parts)
+{
+    std::string ret;
+    if (parts.back() != "/") {
+        std::string lastPart = parts.back();
+        ret += "/";
+        ret += lastPart[0];
+        size_t dotPos = lastPart.find('.');
+        if (dotPos != std::string::npos) {
+            ret += MASK_INFO + lastPart.substr(dotPos);
+        } else {
+            ret += MASK_INFO;
+        }
+    } else {
+        ret += "/";
+    }
+
+    return ret;
+}
+
+std::string SandboxManagerLog::MaskRealPath(const char *path)
+{
+    std::string pathStr(path);
+    std::istringstream stream(pathStr);
+    std::string part;
+    std::vector<std::string> parts;
+
+    while (std::getline(stream, part, '/')) {
+        if (!part.empty()) {
+            parts.push_back(part);
+        } else {
+            /* means find "//" */
+            parts.push_back("/");
+        }
+    }
+
+    std::string ret;
+    if (parts.empty()) {
+        return "empty path";
+    }
+
+    if ((parts[0] == "/") && (parts.size() > FIRST_MASK_PART)) {
+        ret += "/" + parts[1];
+    } else {
+        ret += parts[0];
+    }
+
+    for (size_t i = FIRST_MASK_PART; i < parts.size() - 1; ++i) {
+        ret += "/";
+        if ((parts[i].substr(0, 1) == ".") || (parts[i].substr(0, DOUBLE_POINT) == "..")) {
+            ret += parts[i];
+        } else if (parts[i] != "/") {
+            ret += MASK_INFO;
+        }
+    }
+
+    if (parts.size() > 1) {
+        ret += AddTail(parts);
+    }
+
+    return ret;
+}
+
+} // namespace SandboxManager
+} // namespace AccessControl
+} // namespace OHOS
diff --git a/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp b/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp
index ecf61da94034ceffb5d3c8be78ade81b1d8c83f2..7547dbcb0fc959366591fc4c46f5fe8f543a87a9 100644
--- a/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp
+++ b/services/sandbox_manager/main/cpp/src/mac/mac_adapter.cpp
@@ -314,13 +314,19 @@ int32_t MacAdapter::SetSandboxPolicy(const std::vector<PolicyInfo> &policy, std:
             return SANDBOX_MANAGER_MAC_IOCTL_ERR;
         }
         for (size_t i = 0; i < curBatchSize; ++i) {
-            result[offset + i] = info.pathInfos[i].result ? SANDBOX_MANAGER_OK : POLICY_MAC_FAIL;
+            if (info.pathInfos[i].result == 0) {
+                std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[i].path);
+                SANDBOXMANAGER_LOG_ERROR(LABEL, "Set policy failed at %{public}s", maskPath.c_str());
+                result[offset + i] = POLICY_MAC_FAIL;
+            } else {
+                result[offset + i] = SANDBOX_MANAGER_OK;
+            }
         }
     }
     uint32_t failCount = static_cast<uint32_t>(
         std::count_if(result.begin(), result.end(), [](uint32_t res) { return res != SANDBOX_MANAGER_OK; }));
     if (failCount > 0) {
-        SANDBOXMANAGER_LOG_WARN(LABEL, "Set policy has failed items, failCount=%{public}u.", failCount);
+        SANDBOXMANAGER_LOG_ERROR(LABEL, "Set policy has failed items, failCount=%{public}u.", failCount);
     }
     return SANDBOX_MANAGER_OK;
 }
@@ -356,13 +362,17 @@ int32_t MacAdapter::QuerySandboxPolicy(uint32_t tokenId, const std::vector<Polic
             return SANDBOX_MANAGER_MAC_IOCTL_ERR;
         }
         for (size_t i = 0; i < curBatchSize; ++i) {
+            if (info.pathInfos[i].result == 0) {
+                std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[i].path);
+                SANDBOXMANAGER_LOG_ERROR(LABEL, "Query policy failed at %{public}s", maskPath.c_str());
+            }
             result[offset + i] = info.pathInfos[i].result;
         }
     }
 
     uint32_t failCount = static_cast<uint32_t>(std::count(result.begin(), result.end(), false));
     if (failCount > 0) {
-        SANDBOXMANAGER_LOG_WARN(LABEL, "Query policy has failed items, failCount=%{public}u.", failCount);
+        SANDBOXMANAGER_LOG_ERROR(LABEL, "Query policy has failed items, failCount=%{public}u.", failCount);
     }
     return SANDBOX_MANAGER_OK;
 }
@@ -398,13 +408,17 @@ int32_t MacAdapter::CheckSandboxPolicy(uint32_t tokenId, const std::vector<Polic
             return SANDBOX_MANAGER_MAC_IOCTL_ERR;
         }
         for (size_t i = 0; i < curBatchSize; ++i) {
+            if (info.pathInfos[i].result == 0) {
+                std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[i].path);
+                SANDBOXMANAGER_LOG_ERROR(LABEL, "check policy failed at %{public}s", maskPath.c_str());
+            }
             result[offset + i] = info.pathInfos[i].result;
         }
     }
 
     uint32_t failCount = static_cast<uint32_t>(std::count(result.begin(), result.end(), false));
     if (failCount > 0) {
-        SANDBOXMANAGER_LOG_WARN(LABEL, "Check policy has failed items, failCount=%{public}u.", failCount);
+        SANDBOXMANAGER_LOG_ERROR(LABEL, "Check policy has failed items, failCount=%{public}u.", failCount);
     }
     return SANDBOX_MANAGER_OK;
 }
@@ -444,13 +458,17 @@ int32_t MacAdapter::UnSetSandboxPolicy(uint32_t tokenId, const std::vector<Polic
             return SANDBOX_MANAGER_MAC_IOCTL_ERR;
         }
         for (size_t i = 0; i < curBatchSize; ++i) {
+            if (info.pathInfos[i].result == 0) {
+                std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[i].path);
+                SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy failed at %{public}s", maskPath.c_str());
+            }
             result[offset + i] = info.pathInfos[i].result;
         }
     }
 
     uint32_t failCount = static_cast<uint32_t>(std::count(result.begin(), result.end(), false));
     if (failCount > 0) {
-        SANDBOXMANAGER_LOG_WARN(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount);
+        SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount);
     }
     return SANDBOX_MANAGER_OK;
 }
@@ -490,13 +508,17 @@ int32_t MacAdapter::UnSetSandboxPolicyByUser(int32_t userId, const std::vector<P
             return SANDBOX_MANAGER_MAC_IOCTL_ERR;
         }
         for (size_t i = 0; i < curBatchSize; ++i) {
+            if (info.pathInfos[i].result == 0) {
+                std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[i].path);
+                SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset by user failed at %{public}s", maskPath.c_str());
+            }
             result[offset + i] = info.pathInfos[i].result;
         }
     }
 
     uint32_t failCount = static_cast<uint32_t>(std::count(result.begin(), result.end(), false));
     if (failCount > 0) {
-        SANDBOXMANAGER_LOG_WARN(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount);
+        SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy has failed items, failCount=%{public}u.", failCount);
     }
     return SANDBOX_MANAGER_OK;
 }
@@ -519,7 +541,9 @@ int32_t MacAdapter::UnSetSandboxPolicy(uint32_t tokenId, const PolicyInfo &polic
         info.pathInfos[0].path, info.pathInfos[0].mode);
 
     if (ioctl(fd_, UN_SET_POLICY_CMD, &info) < 0) {
-        SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy failed, errno=%{public}d.", errno);
+        std::string maskPath = SandboxManagerLog::MaskRealPath(info.pathInfos[0].path);
+        SANDBOXMANAGER_LOG_ERROR(LABEL, "Unset policy failed, errno=%{public}d. path = %{public}s",
+                                 errno, maskPath.c_str());
         return SANDBOX_MANAGER_MAC_IOCTL_ERR;
     }
 
diff --git a/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp b/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp
index 77ce987ace5ffa86e4b857d9426b8fcb7b148274..f2b2883125453989ae4ea16aa4e670bcc2e5f508 100644
--- a/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp
+++ b/services/sandbox_manager/test/unittest/policy_info_manager_test.cpp
@@ -511,6 +511,188 @@ HWTEST_F(PolicyInfoManagerTest, DenyTest010, TestSize.Level1)
 #endif
 #endif
 
+/**
+ * @tc.name: MaskRealPath001
+ * @tc.desc: normal path
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath001, TestSize.Level1)
+{
+    std::string input1 = "/aa/bb/cc/dd.txt";
+    std::string expect = "/aa/***/***/d***.txt";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath002
+ * @tc.desc: normal path short name
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath002, TestSize.Level1)
+{
+    std::string input1 = "/aa/bb/cc/d.txt";
+    std::string expect = "/aa/***/***/d***.txt";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath003
+ * @tc.desc: short path  and short name
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath003, TestSize.Level1)
+{
+    std::string input1 = "/aa/dd.txt";
+    std::string expect = "/aa/d***.txt";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath004
+ * @tc.desc: path with more '/'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath004, TestSize.Level1)
+{
+    std::string input1 = "/aa/////bb/cc/dd.txt";
+    std::string expect = "/aa/////***/***/d***.txt";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath005
+ * @tc.desc: path begin without '/'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath005, TestSize.Level1)
+{
+    std::string input1 = "aa/bb";
+    std::string expect = "aa/b***";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath006
+ * @tc.desc: path without info
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath006, TestSize.Level1)
+{
+    std::string input1 = "";
+    std::string expect = "empty path";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath007
+ * @tc.desc: path only '/'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath007, TestSize.Level1)
+{
+    std::string input1 = "/";
+    std::string expect = "/";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath008
+ * @tc.desc: path only '.'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath008, TestSize.Level1)
+{
+    std::string input1 = ".";
+    std::string expect = ".";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath009
+ * @tc.desc: path start with '.'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath009, TestSize.Level1)
+{
+    std::string input1 = "/./test";
+    std::string expect = "/./t***";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath010
+ * @tc.desc: path start with '..'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath010, TestSize.Level1)
+{
+    std::string input1 = "/../test";
+    std::string expect = "/../t***";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath011
+ * @tc.desc: path with '.'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath011, TestSize.Level1)
+{
+    std::string input1 = "/aa/../d.txt";
+    std::string expect = "/aa/../d***.txt";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath012
+ * @tc.desc: path with '.' and ".."
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath012, TestSize.Level1)
+{
+    std::string input1 = "/aa/.././bb/cc/dd.txt";
+    std::string expect = "/aa/.././***/***/d***.txt";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
+/**
+ * @tc.name: MaskRealPath013
+ * @tc.desc: path with more than two '.'
+ * @tc.type: FUNC
+ * @tc.require:
+ */
+HWTEST_F(PolicyInfoManagerTest, MaskRealPath013, TestSize.Level1)
+{
+    std::string input1 = "/aa/.../bb/cc/dd.txt";
+    std::string expect = "/aa/.../***/***/d***.txt";
+    std::string path = SandboxManagerLog::MaskRealPath(input1.c_str());
+    EXPECT_EQ(true, expect == path);
+}
+
 /**
  * @tc.name: PolicyInfoManagerTest012
  * @tc.desc: Test PolicyInfoManager - MAC not supported