diff --git a/policy/modules/system/userdomain.if b/policy/modules/system/userdomain.if
index cd08bc346..b18abced5 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -1392,13 +1392,21 @@ interface(`userdom_search_user_home_dirs',`
 
 ########################################
 ## <summary>
-##	Search user home directories.
+##	Do not audit attempts to search user home directories.
 ## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to search user home directories.
+##	This will supress SELinux denial messages when the specified
+##	domain is denied the permission to search these directories.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	Domain allowed access.
+##	Domain to not audit.
 ##	</summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`userdom_dontaudit_search_user_home_dirs',`
 	gen_require(`
@@ -2554,13 +2562,29 @@ interface(`userdom_use_user_ptys',`
 
 ########################################
 ## <summary>
-##	Read and write a user domain tty and pty.
+##	Read and write a user TTYs and PTYs.
 ## </summary>
+## <desc>
+##	<p>
+##	Allow the specified domain to read and write user
+##	TTYs and PTYs. This will allow the domain to
+##	interact with the user via the terminal. Typically
+##	all interactive applications will require this
+##	access.
+##	</p>
+##	<p>
+##	However, this also allows the applications to spy
+##	on user sessions or inject information into the
+##	user session.  Thus, this access should likely
+##	not be allowed for non-interactive domains.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
 ##	Domain allowed access.
 ##	</summary>
 ## </param>
+## <infoflow type="both" weight="10"/>
 #
 interface(`userdom_use_user_terminals',`
 	gen_require(`
@@ -2824,14 +2848,23 @@ interface(`userdom_use_unpriv_users_fds',`
 
 ########################################
 ## <summary>
-##	Do not audit attempts to inherit the
-##	file descriptors from all user domains.
+##	Do not audit attempts to inherit the file descriptors
+##	from unprivileged user domains.
 ## </summary>
+## <desc>
+##	<p>
+##	Do not audit attempts to inherit the file descriptors
+##	from unprivileged user domains. This will supress
+##	SELinux denial messages when the specified domain is denied
+##	the permission to inherit these file descriptors.
+##	</p>
+## </desc>
 ## <param name="domain">
 ##	<summary>
-##	Domain allowed access.
+##	Domain to not audit.
 ##	</summary>
 ## </param>
+## <infoflow type="none"/>
 #
 interface(`userdom_dontaudit_use_unpriv_user_fds',`
 	gen_require(`