--- a/browser/components/enterprisepolicies/EnterprisePolicies.js
+++ b/browser/components/enterprisepolicies/EnterprisePolicies.js
@@ -3,17 +3,16 @@
  * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
 
 ChromeUtils.import("resource://gre/modules/XPCOMUtils.jsm");
 ChromeUtils.import("resource://gre/modules/Services.jsm");
 ChromeUtils.import("resource://gre/modules/AppConstants.jsm");
 
 XPCOMUtils.defineLazyModuleGetters(this, {
   WindowsGPOParser: "resource:///modules/policies/WindowsGPOParser.jsm",
-  NetUtil: "resource://gre/modules/NetUtil.jsm",
   Policies: "resource:///modules/policies/Policies.jsm",
   PoliciesValidator: "resource:///modules/policies/PoliciesValidator.jsm",
 });
 
 // This is the file that will be searched for in the
 // ${InstallDir}/distribution folder.
 const POLICIES_FILENAME = "policies.json";
 
@@ -135,33 +134,47 @@ EnterprisePoliciesManager.prototype = {
       if (!parametersAreValid) {
         log.error(`Invalid parameters specified for ${policyName}.`);
         continue;
       }
 
       let policyImpl = Policies[policyName];
 
       for (let timing of Object.keys(this._callbacks)) {
-        let policyCallback = policyImpl["on" + timing];
+        let policyCallback = policyImpl[timing];
         if (policyCallback) {
           this._schedulePolicyCallback(
             timing,
-            policyCallback.bind(null,
+            policyCallback.bind(policyImpl,
                                 this, /* the EnterprisePoliciesManager */
                                 parsedParameters));
         }
       }
     }
   },
 
   _callbacks: {
-    BeforeAddons: [],
-    ProfileAfterChange: [],
-    BeforeUIStartup: [],
-    AllWindowsRestored: [],
+    // The earlist that a policy callback can run. This will
+    // happen right after the Policy Engine itself has started,
+    // and before the Add-ons Manager has started.
+    onBeforeAddons: [],
+
+    // This happens after all the initialization related to
+    // the profile has finished (prefs, places database, etc.).
+    onProfileAfterChange: [],
+
+    // Just before the first browser window gets created.
+    onBeforeUIStartup: [],
+
+    // Called after all windows from the last session have been
+    // restored (or the default window and homepage tab, if the
+    // session is not being restored).
+    // The content of the tabs themselves have not necessarily
+    // finished loading.
+    onAllWindowsRestored: [],
   },
 
   _schedulePolicyCallback(timing, callback) {
     this._callbacks[timing].push(callback);
   },
 
   _runPoliciesCallbacks(timing) {
     let callbacks = this._callbacks[timing];
@@ -211,32 +224,33 @@ EnterprisePoliciesManager.prototype = {
       this.observe(null, "sessionstore-windows-restored", null);
     });
   },
 
   // nsIObserver implementation
   observe: function BG_observe(subject, topic, data) {
     switch (topic) {
       case "policies-startup":
+        // Before the first set of policy callbacks runs, we must
+        // initialize the service.
         this._initialize();
-        this._runPoliciesCallbacks("BeforeAddons");
+
+        this._runPoliciesCallbacks("onBeforeAddons");
         break;
 
       case "profile-after-change":
-        // Before the first set of policy callbacks runs, we must
-        // initialize the service.
-        this._runPoliciesCallbacks("ProfileAfterChange");
+        this._runPoliciesCallbacks("onProfileAfterChange");
         break;
 
       case "final-ui-startup":
-        this._runPoliciesCallbacks("BeforeUIStartup");
+        this._runPoliciesCallbacks("onBeforeUIStartup");
         break;
 
       case "sessionstore-windows-restored":
-        this._runPoliciesCallbacks("AllWindowsRestored");
+        this._runPoliciesCallbacks("onAllWindowsRestored");
 
         // After the last set of policy callbacks ran, notify the test observer.
         Services.obs.notifyObservers(null,
                                      "EnterprisePolicies:AllPoliciesApplied");
         break;
 
       case "EnterprisePolicies:Restart":
         this._restart().then(null, Cu.reportError);

--- a/browser/components/enterprisepolicies/Policies.jsm
+++ b/browser/components/enterprisepolicies/Policies.jsm
@@ -27,16 +27,42 @@ XPCOMUtils.defineLazyGetter(this, "log",
     // messages during development. See LOG_LEVELS in Console.jsm for details.
     maxLogLevel: "error",
     maxLogLevelPref: PREF_LOGLEVEL,
   });
 });
 
 var EXPORTED_SYMBOLS = ["Policies"];
 
+/*
+ * ============================
+ * = POLICIES IMPLEMENTATIONS =
+ * ============================
+ *
+ * The Policies object below is where the implementation for each policy
+ * happens. An object for each policy should be defined, containing
+ * callback functions that will be called by the engine.
+ *
+ * See the _callbacks object in EnterprisePolicies.js for the list of
+ * possible callbacks and an explanation of each.
+ *
+ * Each callback will be called with two parameters:
+ * - manager
+ *   This is the EnterprisePoliciesManager singleton object from
+ *   EnterprisePolicies.js
+ *
+ * - param
+ *   The parameter defined for this policy in policies-schema.json.
+ *   It will be different for each policy. It could be a boolean,
+ *   a string, an array or a complex object. All parameters have
+ *   been validated according to the schema, and no unknown
+ *   properties will be present on them.
+ *
+ * The callbacks will be bound to their parent policy object.
+ */
 var Policies = {
   "BlockAboutAddons": {
     onBeforeUIStartup(manager, param) {
       if (param) {
         manager.disallowFeature("about:addons", true);
       }
     }
   },
@@ -201,16 +227,29 @@ var Policies = {
 /*
  * ====================
  * = HELPER FUNCTIONS =
  * ====================
  *
  * The functions below are helpers to be used by several policies.
  */
 
+/**
+ * setAndLockPref
+ *
+ * Sets the _default_ value of a pref, and locks it (meaning that
+ * the default value will always be returned, independent from what
+ * is stored as the user value).
+ * The value is only changed in memory, and not stored to disk.
+ *
+ * @param {string} prefName
+ *        The pref to be changed
+ * @param {boolean,number,string} prefValue
+ *        The value to set and lock
+ */
 function setAndLockPref(prefName, prefValue) {
   if (Services.prefs.prefIsLocked(prefName)) {
     Services.prefs.unlockPref(prefName);
   }
 
   let defaults = Services.prefs.getDefaultBranch("");
 
   switch (typeof(prefValue)) {
@@ -229,16 +268,29 @@ function setAndLockPref(prefName, prefVa
     case "string":
       defaults.setStringPref(prefName, prefValue);
       break;
   }
 
   Services.prefs.lockPref(prefName);
 }
 
+/**
+ * addAllowDenyPermissions
+ *
+ * Helper function to call the permissions manager (Services.perms.add)
+ * for two arrays of URLs.
+ *
+ * @param {string} permissionName
+ *        The name of the permission to change
+ * @param {array} allowList
+ *        The list of URLs to be set as ALLOW_ACTION for the chosen permission.
+ * @param {array} blockList
+ *        The list of URLs to be set as DENY_ACTION for the chosen permission.
+ */
 function addAllowDenyPermissions(permissionName, allowList, blockList) {
   allowList = allowList || [];
   blockList = blockList || [];
 
   for (let origin of allowList) {
     Services.perms.add(origin,
                        permissionName,
                        Ci.nsIPermissionManager.ALLOW_ACTION,