diff --git a/modules/sandbox/normal/sandbox_core.cpp b/modules/sandbox/normal/sandbox_core.cpp
index e59b3131d552b4920ad8513f4e6f7a6a48ef42c4..004a4119c5ef9675e3bb19a5983dbc833674d4e2 100644
--- a/modules/sandbox/normal/sandbox_core.cpp
+++ b/modules/sandbox/normal/sandbox_core.cpp
@@ -1205,7 +1205,7 @@ void SandboxCore::SetDecDenyWithDir(const AppSpawningCtx *appProperty)
 PathInfo pathInfo = {0};
 pathInfo.path = const_cast(DEC_DENY_PATH_MAP[i].decPath);
 pathInfo.pathLen = static_cast(strlen(pathInfo.path));
- pathInfo.mode = DEC_MODE_DENY_READ | DEC_MODE_DENY_WRITE;
+ pathInfo.mode = DEC_MODE_DENY_INHERIT;
 decPolicyInfo.path[j++] = pathInfo;
 decPolicyInfo.pathNum += 1;
 }
diff --git a/modules/sandbox/sandbox_dec.h b/modules/sandbox/sandbox_dec.h
index 6445289385e3dc5ca4c6fda89b07c5679d930bed..8a8594fa4b30aa9c253a4bf50bcbdb51287bda4b 100644
--- a/modules/sandbox/sandbox_dec.h
+++ b/modules/sandbox/sandbox_dec.h
@@ -51,8 +51,7 @@ extern "C" {
 #define MAX_POLICY_NUM 8
 #define SANDBOX_MODE_READ 0x00000001
 #define SANDBOX_MODE_WRITE (SANDBOX_MODE_READ << 1)
-#define DEC_MODE_DENY_READ (1 << 5)
-#define DEC_MODE_DENY_WRITE (1 << 6)
+#define DEC_MODE_DENY_INHERIT (1 << 9)
 #define DEC_POLICY_HEADER_RESERVED 64
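Review bot: The assignment `pathInfo.mode = DEC_MODE_DENY_INHERIT;` in SetDecDenyWithDir replaces two explicit deny bits with a single flag whose effect is not stated anywhere in the visible change, so a reader cannot confirm that every DEC_DENY_PATH_MAP entry is still blocked for both reads and writes. I would put a comment directly above it, for example `// DENY_INHERIT replaces DENY_READ|DENY_WRITE: <what the DEC driver denies for this path and its children>`, with the placeholder filled in from the driver's definition. If a target kernel does not recognise bit 9, the entry would presumably be installed with no effective deny bit, which fails open; the call that submits decPolicyInfo is outside this hunk, and its result should be checked and logged. The loop also writes `decPolicyInfo.path[j++]` with no bound against MAX_POLICY_NUM visible here, although the loop header is outside the hunk, so the bound may be enforced there.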
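Review bot: `DEC_MODE_DENY_INHERIT (1 << 9)` is added without a comment, and its value has to match the bit the kernel DEC module expects, so the header should name that contract, e.g. `/* must match the DEC driver's deny-inherit bit; supersedes DENY_READ (1 << 5) and DENY_WRITE (1 << 6) */`. Removing `DEC_MODE_DENY_READ` and `DEC_MODE_DENY_WRITE` outright will break any other user of this header; only the SetDecDenyWithDir call site is updated in this diff, so a tree-wide search for the old names is worth doing before merge. As a style point, mode flags are safer as unsigned constants, `#define DEC_MODE_DENY_INHERIT (1U << 9)`, if the `mode` field is an unsigned type (not visible here).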