diff --git a/userspace/ksud/src/cli.rs b/userspace/ksud/src/cli.rs
index 71d95474..5454fc59 100644
--- a/userspace/ksud/src/cli.rs
+++ b/userspace/ksud/src/cli.rs
@@ -89,6 +89,12 @@ enum Sepolicy {
 /// sepolicy file path
 file: String,
 },
+
+ /// Check if sepolicy statement is supported/valid
+ Check {
+ /// sepolicy statements
+ sepolicy: String,
+ },
 }
 #[derive(clap::Subcommand, Debug)]
@@ -152,6 +158,7 @@ pub fn run() -> Result<()> {
 Commands::Sepolicy { command } => match command {
 Sepolicy::Patch { sepolicy } => crate::sepolicy::live_patch(&sepolicy),
 Sepolicy::Apply { file } => crate::sepolicy::apply_file(file),
+ Sepolicy::Check { sepolicy } => crate::sepolicy::check_rule(&sepolicy),
 },
 Commands::Services => event::on_services(),
diff --git a/userspace/ksud/src/module.rs b/userspace/ksud/src/module.rs
index becf4d7f..2cb8a023 100644
--- a/userspace/ksud/src/module.rs
+++ b/userspace/ksud/src/module.rs
@@ -529,7 +529,7 @@ where
 let result = func(id, update_dir);
 if let Err(e) = std::fs::rename(modules_update_tmp_img, defs::MODULE_UPDATE_IMG) {
- warn!("Rename image failed, try copy it.");
+ warn!("Rename image failed: {e}, try copy it.");
 std::fs::copy(modules_update_tmp_img, defs::MODULE_UPDATE_IMG)
 .with_context(|| "Failed to copy image.".to_string())?;
 let _ = std::fs::remove_file(modules_update_tmp_img);
diff --git a/userspace/ksud/src/sepolicy.rs b/userspace/ksud/src/sepolicy.rs
index 6e50f3dd..2a4bfb23 100644
--- a/userspace/ksud/src/sepolicy.rs
+++ b/userspace/ksud/src/sepolicy.rs
@@ -692,7 +692,7 @@ impl From for FfiPolicy {
 }
 #[cfg(unix)]
-fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>) -> Result<()> {
+fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>, strict: bool) -> Result<()> {
 let policies: Vec = statement.try_into()?;
 for policy in policies {
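Review bot: The help text on the new `Check` variant promises validation only, but the `check_rule` it dispatches to (added to sepolicy.rs in this same commit) runs the statements through the same `apply_one_rule` path as `Patch`, so from what is visible a statement that passes is applied to the running policy rather than merely checked. The doc comment should state that side effect so an operator running the subcommand on a live device is not surprised by a policy change: `/// Check if sepolicy statements are supported/valid (statements that pass are applied to the live policy, as with patch)`. The enclosing `enum Sepolicy` begins outside the hunk.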
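Review bot: The new `strict: bool` parameter on `apply_one_rule` is undocumented, and a bare bool at the call sites (`apply_one_rule(&statement, false)` / `apply_one_rule(&statement, true)`) does not tell a reader which mode is which. Add a doc comment giving the contract, e.g. `/// Converts `statement` into kernel policies and applies each one; a rule the kernel rejects is only logged unless `strict`, in which case it is returned as an error (policies applied earlier in the same statement are not rolled back).` A two-variant enum in place of the bool would make the call sites self-describing, though that is a style preference. The function body continues in the next hunk and in the lines between the hunks.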
@@ -710,7 +710,10 @@ fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>) -> Result<()> {
 }
 if result != crate::ksu::KERNEL_SU_OPTION {
- log::warn!("apply rule failed: {result}");
+ log::warn!("apply rule: {:?} failed.", statement);
+ if strict {
+ return Err(anyhow::anyhow!("apply rule {:?} failed.", statement));
+ }
 }
 }
@@ -718,7 +721,7 @@ fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>) -> Result<()> {
 }
 #[cfg(not(unix))]
-fn apply_one_rule<'a>(_statement: &'a PolicyStatement<'a>) -> Result<()> {
+fn apply_one_rule<'a>(_statement: &'a PolicyStatement<'a>, _strict: bool) -> Result<()> {
 unimplemented!()
 }
@@ -726,7 +729,7 @@ pub fn live_patch(policy: &str) -> Result<()> {
 let result = parse_sepolicy(policy.trim());
 for statement in result {
 println!("{statement:?}");
- apply_one_rule(&statement)?;
+ apply_one_rule(&statement, false)?;
 }
 Ok(())
 }
@@ -735,3 +738,11 @@ pub fn apply_file>(path: P) -> Result<()> {
 let input = std::fs::read_to_string(path)?;
 live_patch(&input)
 }
+
+pub fn check_rule(policy: &str) -> Result<()> {
+ let result = parse_sepolicy(policy.trim());
+ for statement in result {
+ apply_one_rule(&statement, true)?;
+ }
+ Ok(())
+}
\ No newline at end of file
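Review bot: The rewritten warning drops `{result}`, so the kernel return value the old message carried is now absent from both the log line and the new strict-mode error, leaving nothing to distinguish an unsupported statement from some other failure. Keep it in both: `log::warn!("apply rule: {:?} failed: {result}", statement);` and `return Err(anyhow::anyhow!("apply rule {:?} failed: {result}", statement));`. Note also that the early return sits inside the `for policy in policies` loop begun in the previous hunk, so in strict mode the policies derived from the same statement before the failing one have already been submitted; callers of the strict path should not assume a failed statement left the policy untouched. The enclosing function begins in the previous hunk.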
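Review bot: `check_rule` is a new public function with no doc comment, and its name suggests a dry run while its body applies every parsed statement via `apply_one_rule(&statement, true)`, the same side effect as `live_patch` minus the `println!` echo. Document the contract so callers are not misled, e.g. `/// Applies each statement in `policy` to the live sepolicy and returns an error on the first rule the kernel rejects; statements applied before that point are not reverted.` The file also ends without a trailing newline after the new function (`\ No newline at end of file`), which will show up as a spurious change in the next edit to this file.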