diff --git a/include/sway/security.h b/include/sway/security.h
index 0edffdfa..02f22e41 100644
--- a/include/sway/security.h
+++ b/include/sway/security.h
@@ -15,4 +15,5 @@ struct feature_policy *alloc_feature_policy(const char *program);
 struct ipc_policy *alloc_ipc_policy(const char *program);
 struct command_policy *alloc_command_policy(const char *command);
 
+char *resolve_ipc_path(const char* program);
 #endif
diff --git a/sway/commands/ipc.c b/sway/commands/ipc.c
index eacf7e94..efcfad56 100644
--- a/sway/commands/ipc.c
+++ b/sway/commands/ipc.c
@@ -18,24 +18,20 @@ struct cmd_results *cmd_ipc(int argc, char **argv) {
 	if ((error = check_security_config())) {
 		return error;
 	}
-
 	if (config->reading && strcmp("{", argv[1]) != 0) {
 		return cmd_results_new(CMD_INVALID, "ipc",
 				"Expected '{' at start of IPC config definition.");
 	}
-
 	if (!config->reading) {
 		return cmd_results_new(CMD_FAILURE, "ipc", "Can only be used in config file.");
 	}
 
-    char *program = NULL;
+	char *program = NULL;
 
-    if (!strcmp(argv[0], "*")) {
-        program = strdup(argv[0]);
-    } else if (!(program = resolve_path(argv[0]))) {
-        return cmd_results_new(
-                CMD_INVALID, "ipc", "Unable to resolve IPC Policy target.");
-    }
+	if (!(program = resolve_ipc_path(argv[0]))) {
+		return cmd_results_new(
+				CMD_FAILURE, "ipc", "Memory allocation error occured.");
+	}
 	current_policy = alloc_ipc_policy(program);
 	list_add(config->ipc_policies, current_policy);
 
diff --git a/sway/commands/permit.c b/sway/commands/permit.c
index 11918efd..599e2543 100644
--- a/sway/commands/permit.c
+++ b/sway/commands/permit.c
@@ -50,17 +50,8 @@ struct cmd_results *cmd_permit(int argc, char **argv) {
 	}
 
 	char *program = NULL;
-
-	if (!strcmp(argv[0], "*")) {
-		program = strdup(argv[0]);
-	} else {
-		program = resolve_path(argv[0]);
-	}
-	if (!program) {
-		sway_assert(program, "Unable to resolve IPC permit target '%s'."
-			" will issue empty policy", argv[0]);
-		assign_perms = false;
-		program = strdup(argv[0]);
+	if (!(program = resolve_ipc_path(argv[0]))) {
+		sway_abort("memory allocation failed");
 	}
 
 	struct feature_policy *policy = get_feature_policy(program);
@@ -87,16 +78,8 @@ struct cmd_results *cmd_reject(int argc, char **argv) {
 	}
 
 	char *program = NULL;
-	if (!strcmp(argv[0], "*")) {
-		program = strdup(argv[0]);
-	} else {
-		program = resolve_path(argv[0]);
-	}
-	if (!program) {
-		// Punt
-		sway_log(L_INFO, "Unable to resolve IPC reject target '%s'."
-			" Will use provided path", argv[0]);
-		program = strdup(argv[0]);
+	if (!(program = resolve_ipc_path(argv[0]))) {
+		sway_abort("memory allocation failed");
 	}
 
 	struct feature_policy *policy = get_feature_policy(program);
diff --git a/sway/security.c b/sway/security.c
index 0c12bc32..c947342a 100644
--- a/sway/security.c
+++ b/sway/security.c
@@ -6,6 +6,7 @@
 #include <stdio.h>
 #include "sway/config.h"
 #include "sway/security.h"
+#include "util.h"
 #include "log.h"
 
 static bool validate_ipc_target(const char *program) {
@@ -222,3 +223,21 @@ const char *command_policy_str(enum command_context context) {
 			return "unknown";
 	}
 }
+
+/**
+ * An IPC-specific version of util.c:resolve_path()
+ * Always returns the "best" path It can unless an ENOMEM occurs ,
+ * in which case it returns NULL.
+ */
+char *resolve_ipc_path(const char* name) {
+	char *program = NULL;
+	if (!strcmp(name, "*")) {
+		program = strdup(name);
+	} else {
+		program = resolve_path(name);
+		if (!program) {
+			program = strdup(name);
+		}
+	}
+	return program;
+}