Allow NFC to read/write nfc. system properties.

(cherry pick of commit 05383ebf)

Bug: 17298769
Change-Id: I1994ff9f9da9b13249099f6c9bcec88dcdc2bb97

app.te

@@ -238,7 +238,7 @@ neverallow appdomain socket_device:sock_file write;
 # Unix domain sockets.
 neverallow appdomain adbd_socket:sock_file write;
 neverallow appdomain installd_socket:sock_file write;
-neverallow { appdomain -bluetooth -radio -shell -system_app }
+neverallow { appdomain -bluetooth -radio -shell -system_app -nfc }
     property_socket:sock_file write;
 neverallow { appdomain -radio } rild_socket:sock_file write;
 neverallow appdomain vold_socket:sock_file write;
@@ -340,5 +340,5 @@ neverallow { appdomain -system_app -shell }
 neverallow appdomain fs_type:filesystem ~getattr;
 
 # Ability to set system properties.
-neverallow { appdomain -system_app -radio -shell -bluetooth }
+neverallow { appdomain -system_app -radio -shell -bluetooth -nfc }
     property_type:property_service set;

nfc.te

@@ -4,6 +4,10 @@ app_domain(nfc)
 net_domain(nfc)
 binder_service(nfc)
 
+# Set NFC properties
+unix_socket_connect(nfc, property, init)
+allow nfc nfc_prop:property_service set;
+
 # NFC device access.
 allow nfc nfc_device:chr_file rw_file_perms;
 

property.te

@@ -22,3 +22,4 @@ type security_prop, property_type;
 type bluetooth_prop, property_type;
 type pan_result_prop, property_type;
 type powerctl_prop, property_type;
+type nfc_prop, property_type;

property_contexts

@@ -58,3 +58,6 @@ ctl.ril-daemon          u:object_r:ctl_rildaemon_prop:s0
 ctl.bugreport           u:object_r:ctl_bugreport_prop:s0
 ctl.dhcpcd_bt-pan       u:object_r:ctl_dhcp_pan_prop:s0
 ctl.                    u:object_r:ctl_default_prop:s0
+
+# NFC properties
+nfc.                    u:object_r:nfc_prop:s0