Bug 1376414 - Test case failure: /CoreOS/tar/Regression/bz1347396-coredump-when-selinux-on-but-policy-missing
Summary: Test case failure: /CoreOS/tar/Regression/bz1347396-coredump-when-selinux-on-...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: selinux-policy
Version: 7.2
Hardware: Unspecified
OS: Linux
low
low
Target Milestone: rc
Assignee: Lukas Vrabec
QA Contact: Milos Malik
URL:
Whiteboard:
Depends On:
Blocks: 1393066
 
Reported: 2016-09-15 11:48 UTC by Karel Volný
Modified: 2017-08-17 10:53 UTC (History)
7 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-17 10:53:08 UTC
Target Upstream Version:



Comment 6 Milos Malik 2017-08-17 09:48:04 UTC
I believe that setfattr is not capable of deciding (before it tries to save the value on the filesystem) what value is correct or valid or well-formatted from the SELinux point of view. No matter if SELinux is enforcing or permissive, the "unlabeled" value will be rejected and the SELINUX_ERR will be generated.

If you want to get rid of SELinux errors, please use the following command in your TC:

rlRun "setfattr -n security.selinux -v system_u:object_r:unlabeled_t:s0 bz1347396" 0 "Setting 'unlabeled' attribute on the testfile"

If you want to apply an invalid (because atd_t is a process type, not a file type) but well-formatted label, please use the following commands:

# setenforce 0
# setfattr -n security.selinux -v system_u:object_r:atd_t:s0 bz1347396
# ls -Z bz1347396 
-rw-r--r--. root root system_u:object_r:atd_t:s0       bz1347396
# setenforce 1
# ls -Z bz1347396 
-rw-r--r--. root root system_u:object_r:unlabeled_t:s0 bz1347396
#

Running the same command as root in an SSH terminal and in a beaker test via the beaker harness does not always result in the same SELinux context. The difference is visible in the "*_u" parts of scontext and tcontext:

automated run via beaker harness
====
type=AVC msg=audit(1473870156.661:82): avc:  denied  { mac_admin } for  pid=28341 comm="setfattr" capability=33  scontext=system_u:unconfined_r:unconfined_t:s0 tcontext=system_u:unconfined_r:unconfined_t:s0 tclass=capability2

manual run in an SSH terminal
====
type=AVC msg=audit(1502961768.137:94): avc:  denied  { mac_admin } for  pid=11470 comm="setfattr" capability=33  scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2
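A small helper for the two points made in this comment (a label that is merely well-formatted versus one the loaded policy accepts, and AVC records whose scontext differs between the beaker and SSH runs), added here as an example; it is not part of the bug, the test case, or setfattr. It parses the two AVC lines quoted above, splits each context into user, role, type and MLS range, and reports which components differ. The well-formedness check is structural only: whether a type exists in the policy and may be used on a file is decided by the kernel when the attribute is written, not by the caller. The function names, the Context field names and the MLS range grammar are my own assumptions.

```python
"""Parse SELinux contexts and AVC audit records and compare contexts field by field."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# The two AVC records quoted in the comment (beaker harness run vs. manual SSH run).
AVC_BEAKER = ('type=AVC msg=audit(1473870156.661:82): avc:  denied  { mac_admin } for  '
              'pid=28341 comm="setfattr" capability=33  '
              'scontext=system_u:unconfined_r:unconfined_t:s0 '
              'tcontext=system_u:unconfined_r:unconfined_t:s0 tclass=capability2')
AVC_SSH = ('type=AVC msg=audit(1502961768.137:94): avc:  denied  { mac_admin } for  '
           'pid=11470 comm="setfattr" capability=33  '
           'scontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 '
           'tcontext=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 tclass=capability2')

# MLS level: sN, optionally followed by :cN[.cM][,cN[.cM]...]; a range is level[-level].
# (Assumed grammar: covers the ranges seen in the records above, not every policy.)
_LEVEL = r's\d+(?::c\d+(?:\.c\d+)?(?:,c\d+(?:\.c\d+)?)*)?'
_RANGE_RE = re.compile(rf'^{_LEVEL}(?:-{_LEVEL})?$')
# user:role:type with an optional MLS range; the range itself may contain ':'.
_CONTEXT_RE = re.compile(r'^([^:\s]+):([^:\s]+):([^:\s]+)(?::(\S+))?$')
_AVC_RE = re.compile(r'^type=AVC msg=audit\((\d+\.\d+):(\d+)\): avc:\s+(denied|granted)\s+'
                     r'\{\s*([^}]+?)\s*\}\s+for\s+(.*)$')
_KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


@dataclass
class Context:
    user: str
    role: str
    type_: str
    mls: Optional[str]  # None for contexts without an MLS range


def parse_context(label: str) -> Optional[Context]:
    """Split a label into its components; None if it is not user:role:type[:range]."""
    m = _CONTEXT_RE.match(label)
    if not m:
        return None
    return Context(m.group(1), m.group(2), m.group(3), m.group(4))


def is_well_formed(label: str) -> bool:
    """Structural check only. A True result says nothing about whether the type
    exists in the loaded policy or is a file type; the kernel decides that when
    the security.selinux attribute is written."""
    ctx = parse_context(label)
    if ctx is None:
        return False
    return ctx.mls is None or bool(_RANGE_RE.match(ctx.mls))


def parse_avc(line: str) -> Optional[Dict[str, object]]:
    """Turn one AVC record into a dict of its fields, with perms as a list."""
    m = _AVC_RE.match(line)
    if not m:
        return None
    rec: Dict[str, object] = {
        'timestamp': m.group(1), 'serial': m.group(2),
        'result': m.group(3), 'perms': m.group(4).split(),
    }
    for key, value in _KV_RE.findall(m.group(5)):
        rec[key] = value.strip('"')
    return rec


def diff_contexts(a: str, b: str) -> List[str]:
    """Names of the context components that differ between two labels."""
    ca, cb = parse_context(a), parse_context(b)
    if ca is None or cb is None:
        raise ValueError('not a context: %r / %r' % (a, b))
    return [f for f in ('user', 'role', 'type_', 'mls')
            if getattr(ca, f) != getattr(cb, f)]


if __name__ == '__main__':
    for label in ('unlabeled', 'system_u:object_r:unlabeled_t:s0', 'system_u:object_r:atd_t:s0'):
        print(f'{label!r:40} well-formed={is_well_formed(label)}')
    beaker, ssh = parse_avc(AVC_BEAKER), parse_avc(AVC_SSH)
    print('denied perms:', beaker['perms'], 'comm:', beaker['comm'], 'tclass:', beaker['tclass'])
    print('scontext differs in:', diff_contexts(beaker['scontext'], ssh['scontext']))
```

Run against the two records, the comparison reports the user component ("system_u" versus "unconfined_u") and also the MLS range ("s0" versus "s0-s0:c0.c1023"), so a test that asserts on a full context string will see both differences between the harness and an interactive shell. The same parse_avc function can be fed the output of ausearch to pick out mac_admin denials by comm and tclass.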

