diff --git a/prebuilts/api/28.0/public/attributes b/prebuilts/api/28.0/public/attributes
index ea7229299fdc18a67c5e1463398783bf54201062..7a0c07a7287a1a070fd074e6fd11e096eb048033 100644
--- a/prebuilts/api/28.0/public/attributes
+++ b/prebuilts/api/28.0/public/attributes
@@ -207,6 +207,12 @@ attribute halserverdomain;
 attribute halclientdomain;
 expandattribute halclientdomain true;
 
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
 # TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
 # can be resolve.
 attribute hal_audio;
diff --git a/prebuilts/api/28.0/public/hal_neverallows.te b/prebuilts/api/28.0/public/hal_neverallows.te
index 017fcce7b689a48a08b70c57d1c965d5e094edbf..0f05d8ad3fa7415590347e2e60fd16c62edcfb98 100644
--- a/prebuilts/api/28.0/public/hal_neverallows.te
+++ b/prebuilts/api/28.0/public/hal_neverallows.te
@@ -11,8 +11,13 @@ neverallow {
 
 # Unless a HAL's job is to communicate over the network, or control network
 # hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network.  Using this exemption for non-automotive builds
+# will result in CTS failure.
 neverallow {
   halserverdomain
+  -hal_automotive_socket_exemption
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_hostapd_server
diff --git a/public/attributes b/public/attributes
index ea7229299fdc18a67c5e1463398783bf54201062..7a0c07a7287a1a070fd074e6fd11e096eb048033 100644
--- a/public/attributes
+++ b/public/attributes
@@ -207,6 +207,12 @@ attribute halserverdomain;
 attribute halclientdomain;
 expandattribute halclientdomain true;
 
+# Exempt for halserverdomain to access sockets. Only builds for automotive
+# device types are allowed to use this attribute (enforced by CTS).
+# Unlike phone, in a car many modules are external from Android perspective and
+# HALs should be able to communicate with those devices through sockets.
+attribute hal_automotive_socket_exemption;
+
 # TODO(b/72757373): Use hal_attribute macro once expandattribute value conflicts
 # can be resolve.
 attribute hal_audio;
diff --git a/public/hal_neverallows.te b/public/hal_neverallows.te
index 017fcce7b689a48a08b70c57d1c965d5e094edbf..0f05d8ad3fa7415590347e2e60fd16c62edcfb98 100644
--- a/public/hal_neverallows.te
+++ b/public/hal_neverallows.te
@@ -11,8 +11,13 @@ neverallow {
 
 # Unless a HAL's job is to communicate over the network, or control network
 # hardware, it should not be using network sockets.
+# NOTE: HALs for automotive devices have an exemption from this rule because in
+# a car it is common to have external modules and HALs need to communicate to
+# those modules using network.  Using this exemption for non-automotive builds
+# will result in CTS failure.
 neverallow {
   halserverdomain
+  -hal_automotive_socket_exemption
   -hal_tetheroffload_server
   -hal_wifi_server
   -hal_wifi_hostapd_server