From the info/man pages:
GNU 'ls' uses a '.' character to indicate a file with an SELinux security context, but no other alternate access method.
The whole section also mentions a '+', which is relevant:
Following the file mode bits is a single character that specifies whether an alternate access method such as an access control list applies to the file. When the character following the file mode bits is a space, there is no alternate access method. When it is a printing character, then there is such a method.
GNU 'ls' uses a '.' character to indicate a file with an SELinux security context, but no other alternate access method.
A file with any other combination of alternate access methods is marked with a '+' character.