diff --git a/Makefile b/Makefile index 45bd45d31..e668ece5e 100644 --- a/Makefile +++ b/Makefile @@ -134,6 +134,7 @@ globaltun = $(poldir)/global_tunables globalbool = $(poldir)/global_booleans user_files := $(poldir)/users policycaps := $(poldir)/policy_capabilities +ctx_defaults := $(poldir)/context_defaults # local config file paths ifndef LOCAL_ROOT diff --git a/Rules.modular b/Rules.modular index 2c5f5ffc1..b2d2ac438 100644 --- a/Rules.modular +++ b/Rules.modular @@ -15,7 +15,7 @@ users_extra := $(tmpdir)/users_extra base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf -base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps) +base_pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps) base_te_files := $(base_mods) base_post_te_files := $(user_files) $(poldir)/constraints base_fc_files := $(base_mods:.te=.fc) diff --git a/Rules.monolithic b/Rules.monolithic index b6359524a..b8d180e14 100644 --- a/Rules.monolithic +++ b/Rules.monolithic @@ -32,7 +32,7 @@ all_interfaces := $(all_modules:.te=.if) $(off_mods:.te=.if) all_te_files := $(all_modules) all_fc_files := $(all_modules:.te=.fc) -pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps) +pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps) post_te_files := $(user_files) $(poldir)/constraints policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf diff --git a/policy/context_defaults b/policy/context_defaults new file mode 100644 index 000000000..aee96cdef --- /dev/null +++ b/policy/context_defaults 
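Review bot: In `base_pre_te_files` (Rules.modular) and `pre_te_files` (Rules.monolithic), `$(ctx_defaults)` is listed before `$(m4support)`. If the recipe runs these files through m4 in list order (the rule itself is outside both hunks), none of the support macros are defined yet when context_defaults is read. That is harmless for the plain statements the file shows today, but it deserves a comment next to the assignment, e.g. `# read before the m4 support macros: keep context_defaults to plain default_* statements`. If macro use is ever wanted there, `$(avs) $(m4support) $(ctx_defaults)` should still place the defaults after the access vectors and ahead of mls, assuming the support files emit no policy text.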
@@ -0,0 +1,11 @@
+# Override default policy behaviors when creating new contexts.
+#
+# Behavior for each of the four components of the context can
+# be specified, for each object class.
+#
+# Examples:
+#
+#default_role process user;
+#default_role process source;
+#default_type process source;
+#default_range process source low;
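Review bot: The first example, `#default_role process user;`, does not look like a valid statement. The other examples name `source` as the default, and `default_role` appears again on the next line, while the header promises all four context components. It was probably meant to be `#default_user process source;`; as written, uncommenting it would most likely fail the policy compile rather than set a user default. Because these statements change how the context of every new object of a class is computed, the header should also note that they need a policy version with object-default support and that a wrong default silently changes labelling policy-wide.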