diff --git a/policy/modules/kernel/devices.if b/policy/modules/kernel/devices.if
index fe31e1f..a3796f8 100644
--- a/policy/modules/kernel/devices.if
+++ b/policy/modules/kernel/devices.if
@@ -29,14 +29,39 @@
########################################
##
-## Make the passed in type a type appropriate for
-## use on device nodes (usually files in /dev).
+## Make the specified type usable for device
+## nodes in a filesystem.
##
-##
+##
+##
+## Make the specified type usable for device nodes
+## in a filesystem. Types used for device nodes that
+## do not use this interface, or an interface that
+## calls this one, will have unexpected behaviors
+## while the system is running.
+##
+##
+## Example:
+##
+##
+## type mydev_t;
+## dev_node(mydev_t)
+## allow mydomain_t mydev_t:chr_file read_chr_file_perms;
+##
+##
+## Related interfaces:
+##
+##
+## - term_tty()
+## - term_pty()
+##
+##
+##
##
-## The object type that will be used on device nodes.
+## Type to be used for device nodes.
##
##
+##
#
interface(`dev_node',`
gen_require(`
@@ -2797,13 +2822,28 @@ interface(`dev_rw_qemu',`
########################################
##
## Read from random number generator
-## devices (e.g., /dev/random)
+## devices (e.g., /dev/random).
##
+##
+##
+## Allow the specified domain to read from random number
+## generator devices (e.g., /dev/random). Typically this is
+## used in situations when a cryptographically secure random
+## number is needed.
+##
+##
+## Related interface:
+##
+##
+##
##
##
## Domain allowed access.
##
##
+##
#
interface(`dev_read_rand',`
gen_require(`
@@ -3345,13 +3385,22 @@ interface(`dev_write_sysfs_dirs',`
########################################
##
-## Allow caller to read hardware state information.
+## Read hardware state information.
##
+##
+##
+## Allow the specified domain to read the contents of
+## the sysfs filesystem. This filesystem contains
+## information, parameters, and other settings on the
+## hardware installed on the system.
+##
+##
##
##
-## The process type reading hardware state information.
+## Domain allowed access.
##
##
+##
#
interface(`dev_read_sysfs',`
gen_require(`
@@ -3387,13 +3436,36 @@ interface(`dev_rw_sysfs',`
########################################
##
-## Read from pseudo random devices (e.g., /dev/urandom)
+## Read from pseudo random number generator devices (e.g., /dev/urandom).
##
+##
+##
+## Allow the specified domain to read from pseudo random number
+## generator devices (e.g., /dev/urandom). Typically this is
+## used in situations when a cryptographically secure random
+## number is not necessarily needed. One example is the Stack
+## Smashing Protector (SSP, formerly known as ProPolice) support
+## that may be compiled into programs.
+##
+##
+## Related interface:
+##
+##
+##
+## Related tunable:
+##
+##
+##
##
##
## Domain allowed access.
##
##
+##
#
interface(`dev_read_urand',`
gen_require(`
diff --git a/policy/modules/kernel/files.if b/policy/modules/kernel/files.if
index cf82911..83d26a5 100644
--- a/policy/modules/kernel/files.if
+++ b/policy/modules/kernel/files.if
@@ -30,7 +30,9 @@
## in a filesystem. Types used for files that
## do not use this interface, or an interface that
## calls this one, will have unexpected behaviors
-## while the system is running.
+## while the system is running. If the type is used
+## for device nodes (character or block files), then
+## the dev_node() interface is more appropriate.
##
##
## Related interfaces: