Add file for placing default_* statements.

Makefile

@@ -134,6 +134,7 @@ globaltun = $(poldir)/global_tunables
 globalbool = $(poldir)/global_booleans
 user_files := $(poldir)/users
 policycaps := $(poldir)/policy_capabilities
+ctx_defaults := $(poldir)/context_defaults
 
 # local config file paths
 ifndef LOCAL_ROOT

Rules.modular

@@ -15,7 +15,7 @@ users_extra := $(tmpdir)/users_extra
 
 base_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf
 
-base_pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+base_pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 base_te_files := $(base_mods)
 base_post_te_files := $(user_files) $(poldir)/constraints
 base_fc_files := $(base_mods:.te=.fc)

Rules.monolithic

@@ -32,7 +32,7 @@ all_interfaces := $(all_modules:.te=.if) $(off_mods:.te=.if)
 all_te_files := $(all_modules)
 all_fc_files := $(all_modules:.te=.fc)
 
-pre_te_files := $(secclass) $(isids) $(avs) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
+pre_te_files := $(secclass) $(isids) $(avs) $(ctx_defaults) $(m4support) $(poldir)/mls $(poldir)/mcs $(policycaps)
 post_te_files := $(user_files) $(poldir)/constraints
 
 policy_sections := $(tmpdir)/pre_te_files.conf $(tmpdir)/all_attrs_types.conf $(tmpdir)/global_bools.conf $(tmpdir)/only_te_rules.conf $(tmpdir)/all_post.conf

policy/context_defaults

@@ -0,0 +1,11 @@
+# Override default policy behaviors when creating new contexts.
+#
+# Behavior for each of the four components of the context can
+# be specified, for each object class.
+#
+# Examples:
+#
+#default_role process user;
+#default_role process source;
+#default_type process source;
+#default_range process source low;