diff --git a/interfaces/innerkits/native/file_share/src/file_share.cpp b/interfaces/innerkits/native/file_share/src/file_share.cpp
index 4962f79c3bda0723db0946d4d1cea7d4acf70a24..7218eb7348b08f73bc0ff471bd5a6dd2c8432845 100644
--- a/interfaces/innerkits/native/file_share/src/file_share.cpp
+++ b/interfaces/innerkits/native/file_share/src/file_share.cpp
@@ -276,7 +276,11 @@ static int32_t CreateSingleShareFile(const string &uri, uint32_t tokenId, uint32
     }
 
     for (size_t i = 0; i < info.sharePath_.size(); i++) {
-        if ((ret = open(info.sharePath_[i].c_str(), O_RDONLY | O_CREAT)) < 0) {
+        if (!SandboxHelper::CheckValidPath(info.sharePath_[i])) {
+            LOGE("Invalid share path with %{private}s", info.sharePath_[i].c_str());
+            return -EINVAL;
+        }
+        if ((ret = open(info.sharePath_[i].c_str(), O_RDONLY | O_CREAT, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)) < 0) {
             LOGE("Create file failed with %{public}d", errno);
             return -errno;
         }