Update ST NFC/SecureElement policies

Bug: 168875298
Bug: 160672745
Test: check no avc denial for nfc
Merged-In: I1dbf80f57e4dcd771cd38ce25b59fa5e66c127aa
Change-Id: I1dbf80f57e4dcd771cd38ce25b59fa5e66c127aa
diff --git a/vendor/google/file.te b/vendor/google/file.te
index 9b0f504..1e5c29b 100644
--- a/vendor/google/file.te
+++ b/vendor/google/file.te
@@ -25,7 +25,6 @@
 type debugfs_usb, debugfs_type, fs_type;
 type mediadrm_vendor_data_file, file_type, data_file_type;
 type diag_socket, file_type, mlstrustedobject;
-type ese_vendor_data_file, file_type, data_file_type;
 type debugfs_dma_buf, debugfs_type, fs_type;
 type debugfs_clk, debugfs_type, fs_type;
 type debugfs_pmic, debugfs_type, fs_type;
diff --git a/vendor/st/file_contexts b/vendor/st/file_contexts
index 594e74d..eddf11d 100644
--- a/vendor/st/file_contexts
+++ b/vendor/st/file_contexts
@@ -11,6 +11,5 @@
 
 ###################################
 # data files
-/data/vendor/ese(/.*)?                                                                u:object_r:ese_vendor_data_file:s0
 /data/nfc(/.*)?                                                                       u:object_r:nfc_data_file:s0
 
diff --git a/vendor/st/hal_nfc_default.te b/vendor/st/hal_nfc_default.te
index 66ce177..5f0c7f6 100644
--- a/vendor/st/hal_nfc_default.te
+++ b/vendor/st/hal_nfc_default.te
@@ -1,3 +1,9 @@
+# NFC property
+get_prop(hal_nfc_default, vendor_nfc_prop)
+
+# SecureElement property
+set_prop(hal_nfc_default, vendor_secure_element_prop)
+
 # Modem property
 set_prop(hal_nfc_default, vendor_modem_prop)
 
diff --git a/vendor/st/hal_secure_element_default.te b/vendor/st/hal_secure_element_default.te
index 94b811d..1c127ea 100644
--- a/vendor/st/hal_secure_element_default.te
+++ b/vendor/st/hal_secure_element_default.te
@@ -1,6 +1,5 @@
 allow hal_secure_element_default secure_element_device:chr_file rw_file_perms;
-allow hal_secure_element_default ese_vendor_data_file:dir create_dir_perms;
-allow hal_secure_element_default ese_vendor_data_file:file create_file_perms;
-allow hal_secure_element_default debugfs_ipc:dir search;
+dontaudit hal_secure_element_default debugfs_ipc:dir search;
 set_prop(hal_secure_element_default, vendor_secure_element_prop)
 get_prop(hal_secure_element_default, vendor_modem_prop)
+
diff --git a/vendor/st/property.te b/vendor/st/property.te
index d070080..723121a 100644
--- a/vendor/st/property.te
+++ b/vendor/st/property.te
@@ -1 +1,2 @@
-type vendor_secure_element_prop, property_type;
+vendor_internal_prop(vendor_nfc_prop)
+vendor_internal_prop(vendor_secure_element_prop)
diff --git a/vendor/st/property_contexts b/vendor/st/property_contexts
index 01a12e4..c6cd8a4 100644
--- a/vendor/st/property_contexts
+++ b/vendor/st/property_contexts
@@ -1,4 +1,6 @@
 # SecureElement
 persist.vendor.se.                              u:object_r:vendor_secure_element_prop:s0
 
+# NFC
+persist.vendor.nfc.                             u:object_r:vendor_nfc_prop:s0
 
diff --git a/vendor/st/vendor_init.te b/vendor/st/vendor_init.te
new file mode 100644
index 0000000..7de90e2
--- /dev/null
+++ b/vendor/st/vendor_init.te
@@ -0,0 +1,2 @@
+# NFC vendor property
+set_prop(vendor_init, vendor_nfc_prop)