diff --git a/Android.mk b/Android.mk
index 759efe127a52c5d5ca4c01f07c84736da2e13d73..aa6e07c99bce6b6c0ae38b6def803216a67e8ff6 100644
--- a/Android.mk
+++ b/Android.mk
@@ -701,6 +701,7 @@ $(LOCAL_BUILT_MODULE): PRIVATE_MLS_CATS := $(MLS_CATS)
 $(LOCAL_BUILT_MODULE): PRIVATE_TGT_ARCH := $(my_target_arch)
 $(LOCAL_BUILT_MODULE): PRIVATE_WITH_ASAN := false
 $(LOCAL_BUILT_MODULE): PRIVATE_SEPOLICY_SPLIT := cts
+$(LOCAL_BUILT_MODULE): PRIVATE_COMPATIBLE_PROPERTY := cts
 $(LOCAL_BUILT_MODULE): $(call build_policy, $(sepolicy_build_files), \
 $(PLAT_PUBLIC_POLICY) $(PLAT_PRIVATE_POLICY))
 	$(transform-policy-to-conf)
diff --git a/public/property.te b/public/property.te
index 5c34264111548e09fc9125e6cc3da718e3b40222..e4003326868a25c2e4aa9164638719098d5e9fe0 100644
--- a/public/property.te
+++ b/public/property.te
@@ -148,7 +148,7 @@ compatible_property_only(`
     domain
     -coredomain
     -appdomain
-    -hal_nfc
+    -hal_nfc_server
     -vendor_init
   } {
     nfc_prop
@@ -189,6 +189,16 @@ compatible_property_only(`
     -radio_prop
   }:file no_rw_file_perms;
 
+  neverallow {
+    domain
+    -coredomain
+    -appdomain
+    -hal_nfc_server
+    -vendor_init
+  } {
+    nfc_prop
+  }:file no_rw_file_perms;
+
   neverallow {
     domain
     -coredomain