diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index c4cbfd859586c0843b7a587084b2379f1c50614f..05ef5ed32e3991b586c72e8422e462553103fae6 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -172,6 +172,7 @@ neverallow all_untrusted_apps {
 -hal_graphics_allocator_hwservice
 -hal_omx_hwservice
 -hal_cas_hwservice
+ -hal_neuralnetworks_hwservice
 -untrusted_app_visible_hwservice
 }:hwservice_manager find;
@@ -194,7 +195,6 @@ neverallow all_untrusted_apps {
 hal_keymaster_hwservice
 hal_light_hwservice
 hal_memtrack_hwservice
- hal_neuralnetworks_hwservice
 hal_nfc_hwservice
 hal_oemlock_hwservice
 hal_power_hwservice
@@ -238,6 +238,7 @@ full_treble_only(`
 -hal_configstore_server
 -hal_graphics_allocator_server
 -hal_cas_server
+ -hal_neuralnetworks_server
 -binder_in_vendor_violators # TODO(b/35870313): Remove once all violations are gone
 -untrusted_app_visible_halserver
 }:binder { call transfer };
diff --git a/private/technical_debt.cil b/private/technical_debt.cil
index 974f32831fe3a6ed6ff13cd5b10a2c656359c18f..7f9d315edf6b613e3fe6bbca2e8b590dd7dee04f 100644
--- a/private/technical_debt.cil
+++ b/private/technical_debt.cil
@@ -31,3 +31,8 @@
 ; Unfortunately, we can't currently express this in module policy language:
 ; typeattribute hal_camera hal_allocator_client;
 (typeattributeset hal_allocator_client (hal_camera))
+
+; Apps, except isolated apps, are clients of Neuralnetworks HAL
+; Unfortunately, we can't currently express this in module policy language:
+; typeattribute { appdomain -isolated_app } hal_neuralnetworks_client;
+(typeattributeset hal_neuralnetworks_client ((and (appdomain) ((not (isolated_app))))))
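Review bot: The exemption added to the `neverallow all_untrusted_apps { … }:hwservice_manager find` set is wider than the access this commit grants. The technical_debt.cil section makes only `appdomain` minus `isolated_app` a client, but this line stops the neverallow from guarding any domain in all_untrusted_apps, which appears to include isolated apps. Unless another assertion already covers it, a dedicated rule such as `neverallow isolated_app hal_neuralnetworks_hwservice:hwservice_manager find;` would keep a later allow rule from silently exposing the HAL to isolated processes. The same gap applies to the `-hal_neuralnetworks_server` exemption in the `:binder { call transfer }` hunk. The neverallow statement starts outside this hunk.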
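Review bot: The new `-hal_neuralnetworks_server` entry in the `:binder { call transfer }` exemption carries no rationale, while the neighbouring `-binder_in_vendor_violators` line documents why it is there. Since this opens a direct binder path from untrusted apps to a HAL server, I would add a trailing comment, for example `-hal_neuralnetworks_server # reachable from apps by design; server must treat all client data as untrusted`. The enclosing full_treble_only block begins and ends outside the hunk.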
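Review bot: The `typeattributeset` expression is open-ended, and the comment above it does not say so: anything that carries `appdomain` now or in the future becomes a `hal_neuralnetworks_client` unless it is listed in the `not` clause. That covers privileged and, presumably, instant-app domains, not only the untrusted apps the neverallow changes are about. I would extend the comment with a line such as `; NOTE: every new appdomain type inherits this access; add sandboxed domains to the exclusion list.` so whoever adds a restricted app domain later knows to revisit this rule.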