Take a look at this patch that will install the users file on the system 
and allow local admins to manipulate  a local.users file.
We still need to handle file context though, perhaps include filecontext 
file pre genhomedircon.

I want to change genpolusers syntax to be

genpolusers inpolicy outpolicy userfile1 [userfile2 ... ]

So if I add a user to /etc/selinux/strict/users/local.users I execute

genpolusers /etc/selinux/strict/policy/policy.18 
/etc/selinux/strict/policy/policy.18.new 
/etc/selinux/strict/users/system.users \ 
/etc/selinux/strict/users/local.users
mv -f /etc/selinux/strict/policy/policy.18.new 
/etc/selinux/strict/policy/policy.18
load_policy /etc/selinux/strict/policy/policy.18

Tools like useradd and system-config-users can start to manipulate 
/etc/selinux/strict/users/local.users, to setup roles.