diff --git a/android_hardware_nfc_1_0_service.te b/android_hardware_nfc_1_0_service.te
new file mode 100644
index 0000000000000000000000000000000000000000..f980da43b63bcbe1838105ebd59e23c5b3216fea
--- /dev/null
+++ b/android_hardware_nfc_1_0_service.te
@@ -0,0 +1,22 @@
+# nfc subsystem
+type android_hardware_nfc_1_0_service, domain;
+type android_hardware_nfc_1_0_service_exec, exec_type, file_type;
+
+# may be started by init
+init_daemon_domain(android_hardware_nfc_1_0_service)
+
+# hwbinder access
+hwbinder_use(android_hardware_nfc_1_0_service)
+
+# call into NFC process (callbacks)
+binder_call(android_hardware_nfc_1_0_service, nfc)
+
+# Set NFC properties (used by bcm2079x HAL).
+set_prop(android_hardware_nfc_1_0_service, nfc_prop)
+
+# NFC device access.
+allow android_hardware_nfc_1_0_service nfc_device:chr_file rw_file_perms;
+
+# Data file accesses.
+allow android_hardware_nfc_1_0_service nfc_data_file:dir create_dir_perms;
+allow android_hardware_nfc_1_0_service nfc_data_file:notdevfile_class_set create_file_perms;
diff --git a/file_contexts b/file_contexts
index 33b628a47548e95de37b491f5fef2f05a223b8c6..41ab949384bbcf5d89ce8b356e10d5cafad4a8a7 100644
--- a/file_contexts
+++ b/file_contexts
@@ -218,6 +218,7 @@
 /system/bin/hw/wifi_hal_legacy   u:object_r:wifi_hal_legacy_exec:s0
 /system/fake-lib(64)?/libart.*   u:object_r:libart_file:s0
 /system/lib(64)?/libart.*        u:object_r:libart_file:s0
+/system/bin/hw/android.hardware.nfc@1.0-service   u:object_r:android_hardware_nfc_1_0_service_exec:s0
 
 #############################
 # Vendor files
diff --git a/nfc.te b/nfc.te
index a4383bb4f63638ca3abef18f317cd7d4c71e2bd0..09e75150ed1ab1fd9a7fe7103ac7cfbd01dd70ab 100644
--- a/nfc.te
+++ b/nfc.te
@@ -17,12 +17,6 @@ allow nfc nfc_device:chr_file rw_file_perms;
 allow nfc nfc_data_file:dir create_dir_perms;
 allow nfc nfc_data_file:notdevfile_class_set create_file_perms;
 
-allow nfc sysfs_nfc_power_writable:file rw_file_perms;
-allow nfc sysfs:file write;
-
-# TODO: added to match above sysfs rule. Remove me?
-allow nfc sysfs_usb:file write;
-
 # SoundPool loading and playback
 allow nfc audioserver_service:service_manager find;
 allow nfc drmserver_service:service_manager find;
@@ -40,3 +34,6 @@ allow nfc system_api_service:service_manager find;
 # the nfc process, from a file in
 # /data/data/com.android.shell/files/bugreports/bugreport-*.
 allow nfc shell_data_file:file read;
+
+# allow NFC process to call into the NFC HAL
+binder_call(nfc, android_hardware_nfc_1_0_service)