diff --git a/interfaces/common/src/sandbox_helper.cpp b/interfaces/common/src/sandbox_helper.cpp
index 0536ab7fd729e4ca3e676bca00facf242b255920..515d8a36d7bd43df2a3c5fe33c3f7a0cb81370e7 100644
--- a/interfaces/common/src/sandbox_helper.cpp
+++ b/interfaces/common/src/sandbox_helper.cpp
@@ -54,6 +54,9 @@ namespace {
 const std::string PATH_INVALID_FLAG1 = "../";
 const std::string PATH_INVALID_FLAG2 = "/..";
 const uint32_t PATH_INVALID_FLAG_LEN = 3;
+ const std::string PATH_WILDCARD_FLAG1 = "*/";
+ const std::string PATH_WILDCARD_FLAG2 = "/*";
+ const uint32_t PATH_WILDCARD_FLAG_LEN = 2;
 const std::string NETWORK_PARA = "?networkid=";
 const std::string AMPERSAND = "&";
 }
@@ -528,6 +531,19 @@ bool SandboxHelper::IsValidPath(const std::string &filePath)
 LOGE("Relative path is not allowed, path tail is /..");
 return false;
 }
+ size_t wildcardPos = filePath.find(PATH_WILDCARD_FLAG1);
+ while (wildcardPos != string::npos) {
+ if (wildcardPos == 0 || filePath[wildcardPos - 1] == BACKSLASH) {
+ LOGE("Relative path is not allowed, path contain */");
+ return false;
+ }
+ wildcardPos = filePath.find(PATH_WILDCARD_FLAG1, wildcardPos + PATH_WILDCARD_FLAG_LEN);
+ }
+ wildcardPos = filePath.rfind(PATH_WILDCARD_FLAG2);
+ if ((wildcardPos != string::npos) && (filePath.size() - wildcardPos == PATH_WILDCARD_FLAG_LEN)) {
+ LOGE("Relative path is not allowed, path tail is /*");
+ return false;
+ }
 return true;
 }
diff --git a/test/unittest/file_share_native/file_share_test.cpp b/test/unittest/file_share_native/file_share_test.cpp
index 8b05e4b545de21a893c573963beb57854dae60ba..592ee33e195d3c3844c2d9bf7418fe21bbfebd9b 100644
--- a/test/unittest/file_share_native/file_share_test.cpp
+++ b/test/unittest/file_share_native/file_share_test.cpp
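Review bot: In `SandboxHelper::IsValidPath` (sandbox_helper.cpp) the added checks match `*/` only at offset 0 or right after `BACKSLASH`, and `/*` only at the tail, so a path that is exactly `*` matches neither and reaches `return true` unless something earlier in the function, outside this hunk, rejects it. If the intent is to refuse every component that is exactly `*`, add `if (filePath == "*") { LOGE("Wildcard path component is not allowed"); return false; }` ahead of the loop, with a matching `EXPECT_FALSE` case in File_share_IsValidPath_0002. Both new `LOGE` strings still read "Relative path is not allowed", which makes wildcard rejections indistinguishable from `..` rejections when triaging logs; `"Wildcard component is not allowed, path contains */"` and `"... path tail is /*"` would separate them. The function begins above the hunk, so the definition of `BACKSLASH` (presumably `'/'`, given the `/*/test*/test1` test) and any earlier normalisation are not visible here.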
@@ -567,6 +567,20 @@ HWTEST_F(FileShareTest, File_share_IsValidPath_0002, testing::ext::TestSize.Leve
 EXPECT_FALSE(result);
 result = SandboxHelper::IsValidPath("/test/..test/..");
 EXPECT_FALSE(result);
+ result = SandboxHelper::IsValidPath("*/test*/test1");
+ EXPECT_FALSE(result);
+ result = SandboxHelper::IsValidPath("/*/test*/test1");
+ EXPECT_FALSE(result);
+ result = SandboxHelper::IsValidPath("test*/*/test");
+ EXPECT_FALSE(result);
+ result = SandboxHelper::IsValidPath("test*/*/");
+ EXPECT_FALSE(result);
+ result = SandboxHelper::IsValidPath("test*/test*/*");
+ EXPECT_FALSE(result);
+ result = SandboxHelper::IsValidPath("/test/*test/*");
+ EXPECT_FALSE(result);
+ result = SandboxHelper::IsValidPath("*/test/*test");
+ EXPECT_FALSE(result);
 result = SandboxHelper::IsValidPath("test");
 EXPECT_TRUE(result);
@@ -578,6 +592,14 @@ HWTEST_F(FileShareTest, File_share_IsValidPath_0002, testing::ext::TestSize.Leve
 EXPECT_TRUE(result);
 result = SandboxHelper::IsValidPath("/test../test../test../..test");
 EXPECT_TRUE(result);
+ result = SandboxHelper::IsValidPath("/test/test*/test");
+ EXPECT_TRUE(result);
+ result = SandboxHelper::IsValidPath("/test*/test*/test");
+ EXPECT_TRUE(result);
+ result = SandboxHelper::IsValidPath("/test*/test*/test*/");
+ EXPECT_TRUE(result);
+ result = SandboxHelper::IsValidPath("/test*/test*/test*/*test");
+ EXPECT_TRUE(result);
 GTEST_LOG_(INFO) << "FileShareTest-end File_share_IsValidPath_0002";
 }