Add dontaudit rules for nfc.persist properties

Since NFC has a common vendor library, adding dontaudit rules
for properties which are not used by this product.

type=1400 audit(0.0:35): avc: denied { read } for comm="nfc@1.1-service"
name="u:object_r:default_prop:s0" dev="tmpfs" ino=17612 scontext=u:r:hal_nfc_default:s0
tcontext=u:object_r:default_prop:s0 tclass=file permissive=0

Test: check logcat
Bug: 79417308
Change-Id: If2d0a1d3403851d819305f18c96c18eca35db7a8

3 files changed, 5 insertions, 0 deletions

diff --git a/sepolicy/vendor/hal_nfc_default.te b/sepolicy/vendor/hal_nfc_default.te
index 7367b5a6..21614c4f 100644
--- a/sepolicy/vendor/hal_nfc_default.te
+++ b/sepolicy/vendor/hal_nfc_default.te
@@ -4,3 +4,4 @@ allow hal_nfc_default nfc_vendor_data_file:file create_file_perms;
 
 dontaudit hal_nfc_default nxpese_hwservice:hwservice_manager find;
 dontaudit hal_nfc_default nxpnfc_hwservice:hwservice_manager add;
+dontaudit hal_nfc_default persist_nfc_prop:file read;
diff --git a/sepolicy/vendor/property.te b/sepolicy/vendor/property.te
index 9687886a..cb25a31e 100644
--- a/sepolicy/vendor/property.te
+++ b/sepolicy/vendor/property.te
@@ -24,3 +24,4 @@ type vendor_radio_prop, property_type;
 type vendor_wifi_version, property_type;
 type vendor_usb_config_prop, property_type;
 type vendor_charge_prop, property_type;
+type persist_nfc_prop, property_type;
diff --git a/sepolicy/vendor/property_contexts b/sepolicy/vendor/property_contexts
index 6c88cb5d..7f364b38 100644
--- a/sepolicy/vendor/property_contexts
+++ b/sepolicy/vendor/property_contexts
@@ -200,3 +200,6 @@ persist.service.bdroid.ssrlvl  u:object_r:vendor_bluetooth_prop:s0
 ro.bluetooth.a4wp          u:object_r:vendor_bluetooth_prop:s0
 ro.bluetooth.emb_wp_mode   u:object_r:vendor_bluetooth_prop:s0
 ro.bluetooth.wipower       u:object_r:vendor_bluetooth_prop:s0
+
+# persist_nfc_prop
+persist.nfc. u:object_r:persist_nfc_prop:s0