platform_system_sepolicy/nfc.te

# nfc subsystem
type nfc, domain;
app_domain(nfc)
net_domain(nfc)
binder_service(nfc)

# Set NFC properties
unix_socket_connect(nfc, property, init)
allow nfc nfc_prop:property_service set;

# NFC device access.
allow nfc nfc_device:chr_file rw_file_perms;

# Data file accesses.
allow nfc nfc_data_file:dir create_dir_perms;
allow nfc nfc_data_file:notdevfile_class_set create_file_perms;

allow nfc sysfs_nfc_power_writable:file rw_file_perms;
allow nfc sysfs:file write;

allow nfc drmserver_service:service_manager find;
allow nfc mediaserver_service:service_manager find;
allow nfc nfc_service:service_manager { add find };
allow nfc radio_service:service_manager find;
allow nfc surfaceflinger_service:service_manager find;
allow nfc tmp_system_server_service:service_manager find;
allow nfc app_api_service:service_manager find;
allow nfc system_api_service:service_manager find;

service_manager_local_audit_domain(nfc)
auditallow nfc {
    tmp_system_server_service
    -accessibility_service
    -activity_service
    -appops_service
    -batterystats_service
    -bluetooth_manager_service
    -connectivity_service
    -content_service
    -display_service
    -dropbox_service
    -network_management_service
    -power_service
    -registry_service
    -trust_service
    -user_service
    -vibrator_service
}:service_manager find;

# already open bugreport file descriptors may be shared with
# the nfc process, from a file in
# /data/data/com.android.shell/files/bugreports/bugreport-*.
allow nfc shell_data_file:file read;