diff --git a/kernel/selinux/rules.c b/kernel/selinux/rules.c
index c8db9fc3..df8bc447 100644
--- a/kernel/selinux/rules.c
+++ b/kernel/selinux/rules.c
@@ -194,7 +194,7 @@ static int get_object(char *buf, char __user *user_object, size_t buf_sz,
 }
 if (strncpy_from_user(buf, user_object, buf_sz) < 0) {
- return -1;
+ return -EINVAL;
 }
 *object = buf;
@@ -223,7 +223,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 struct policydb *db;
 if (!arg4) {
- return -1;
+ return -EINVAL;
 }
 if (!getenforce()) {
@@ -270,7 +270,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 struct sepol_data data;
 if (copy_from_user(&data, arg4, sizeof(struct sepol_data))) {
 pr_err("sepol: copy sepol_data failed.\n");
- return -1;
+ return -EINVAL;
 }
 sepol1 = data.field_sepol1;
 sepol2 = data.field_sepol2;
@@ -287,7 +287,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 db = get_policydb();
- int ret = -1;
+ int ret = -EINVAL;
 if (cmd == CMD_NORMAL_PERM) {
 char src_buf[MAX_SEPOL_LEN];
 char tgt_buf[MAX_SEPOL_LEN];
@@ -328,7 +328,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 } else {
 pr_err("sepol: unknown subcmd: %d\n", subcmd);
 }
- ret = success ? 0 : -1;
+ ret = success ? 0 : -EINVAL;
 } else if (cmd == CMD_XPERM) {
 char src_buf[MAX_SEPOL_LEN];
@@ -373,7 +373,7 @@ int handle_sepolicy(unsigned long arg3, void __user *arg4)
 } else {
 pr_err("sepol: unknown subcmd: %d\n", subcmd);
 }
- ret = success ? 0 : -1;
+ ret = success ? 0 : -EINVAL;
 } else if (cmd == CMD_TYPE_STATE) {
 char src[MAX_SEPOL_LEN];
diff --git a/userspace/ksud/src/sepolicy.rs b/userspace/ksud/src/sepolicy.rs
index a9daf8e4..5c4d35f8 100644
--- a/userspace/ksud/src/sepolicy.rs
+++ b/userspace/ksud/src/sepolicy.rs
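Review bot: In `get_object` (kernel/selinux/rules.c) and in the `copy_from_user` branch of `handle_sepolicy`, a failed user-memory copy now returns `-EINVAL`, where the kernel convention for a bad user pointer is `-EFAULT`; `strncpy_from_user` already returns the right negative errno, so it can be passed through. The same `< 0` check also accepts a return equal to `buf_sz`, in which case `strncpy_from_user` has filled the buffer without a terminating NUL; unless the part of `get_object` outside this hunk handles that, the string handed on through `*object` is unterminated. `long n = strncpy_from_user(buf, user_object, buf_sz); if (n < 0) return n; if (n >= buf_sz) return -ENAMETOOLONG;` covers both cases, and the `copy_from_user` branch would return `-EFAULT`.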
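Review bot: `ret = success ? 0 : -EINVAL;` in the `CMD_NORMAL_PERM` branch of `handle_sepolicy` (and the identical line in the `CMD_XPERM` branch) reports every failed policy edit as an invalid argument, whatever the helper that set `success` ran into. `success` is assigned outside these hunks, so the actual failure causes are not visible here, but the ksud side of this commit now logs the returned error, so anything other than a malformed request will read as "Invalid argument". If the helpers can tell an unknown type or an allocation failure apart from bad input, having them return an errno and assigning it to `ret` would keep that distinction; otherwise a comment above the line stating that all failures are folded into `-EINVAL` would do.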
@@ -702,10 +702,10 @@ fn apply_one_rule<'a>(statement: &'a PolicyStatement<'a>, strict: bool) -> Resul
 cmd: 0,
 arg: &ffi_policy as *const _ as u64,
 };
- if crate::ksucalls::set_sepolicy(&cmd).is_err() {
- log::warn!("apply rule: {statement:?} failed.");
+ if let Err(e) = crate::ksucalls::set_sepolicy(&cmd) {
+ log::warn!("apply rule {:?} failed: {}", statement, e);
 if strict {
- return Err(anyhow::anyhow!("apply rule {:?} failed.", statement));
+ return Err(anyhow::anyhow!("apply rule {:?} failed: {}", statement, e));
 }
 }
 }
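Review bot: The strict path builds its error with `anyhow::anyhow!("apply rule {:?} failed: {}", statement, e)`, which flattens `e` into the message, so the errno from the kernel survives only as text and callers cannot downcast it or walk the source chain. If `set_sepolicy` returns a `std::error::Error` type or an `anyhow::Error` (its signature is not visible here), `return Err(anyhow::anyhow!(e).context(format!("apply rule {statement:?} failed")));` keeps the cause attached. In the non-strict path the failure is still only a `log::warn!` and the function carries on, so the caller gets no signal that the policy was applied only in part; a doc comment on `apply_one_rule` stating that would help. The function body starts and ends outside the hunk.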