diff --git a/private/app_neverallows.te b/private/app_neverallows.te
index 79437bd8838777ac1f184120a70973a0d24c72ee..30acf8729929c86fde5a9f084d2a618d26a3be96 100644
--- a/private/app_neverallows.te
+++ b/private/app_neverallows.te
@@ -93,7 +93,7 @@ neverallow all_untrusted_apps *:{
 ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket
- alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+ alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket
 } *; # Do not allow untrusted apps access to /cache
diff --git a/private/isolated_app.te b/private/isolated_app.te
index 1b56c5cf8c681867a0dbec3a5870417dbb5b2871..37594887f111e5d5049b4e1572d067f54a86d8dd 100644
--- a/private/isolated_app.te
+++ b/private/isolated_app.te
@@ -133,5 +133,5 @@ neverallow isolated_app self:{
 rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket
- qipcrtr_socket smc_socket
+ qipcrtr_socket smc_socket xdp_socket
 } create;
diff --git a/private/webview_zygote.te b/private/webview_zygote.te
index 75f70ac70e5d2a866ab853efe7053f89868e7e2c..a3a4c463fb98cf75a60a5cabd4c48a89a5156a37 100644
--- a/private/webview_zygote.te
+++ b/private/webview_zygote.te
@@ -132,6 +132,7 @@ neverallow webview_zygote domain:{
 pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket
+ xdp_socket
 } *; # Do not allow access to Bluetooth-related system properties.
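Review bot: The new `xdp_socket` entry in the all_untrusted_apps neverallow is only meaningful once the class is declared in the policy's class and access-vector lists (security_classes / access_vectors), which this hunk does not touch, so the build should be confirmed with that declaration present, presumably elsewhere in the same change. A caveat worth recording next to the list: as far as I recall, a kernel whose SELinux does not know the `xdp_socket` class checks an AF_XDP socket against the generic `socket` class instead, so this rule constrains AF_XDP on such kernels only if `socket` is also in the set, and the opening lines of the set (and the `neverallow all_untrusted_apps *:{` line itself) are outside the hunk so I cannot confirm that here. A one-line comment such as `# xdp_socket is only distinct on kernels that map AF_XDP to its own class; older kernels classify it as plain socket` would make the assumption visible to whoever audits this list next.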
diff --git a/public/global_macros b/public/global_macros
index 00f9fb310db4b67ce2ce703618e098ec7a14747b..962bca95e91725a03ff62b18cf429d25ae014691 100644
--- a/public/global_macros
+++ b/public/global_macros
@@ -10,7 +10,7 @@ define(`notdevfile_class_set', `{ file lnk_file sock_file fifo_file }')
 define(`file_class_set', `{ devfile_class_set notdevfile_class_set }')
 define(`dir_file_class_set', `{ dir file_class_set }')
-define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket }')
+define(`socket_class_set', `{ socket tcp_socket udp_socket rawip_socket netlink_socket packet_socket key_socket unix_stream_socket unix_dgram_socket appletalk_socket netlink_route_socket netlink_tcpdiag_socket netlink_nflog_socket netlink_xfrm_socket netlink_selinux_socket netlink_audit_socket netlink_dnrt_socket netlink_kobject_uevent_socket tun_socket netlink_iscsi_socket netlink_fib_lookup_socket netlink_connector_socket netlink_netfilter_socket netlink_generic_socket netlink_scsitransport_socket netlink_rdma_socket netlink_crypto_socket sctp_socket icmp_socket ax25_socket ipx_socket netrom_socket atmpvc_socket x25_socket rose_socket decnet_socket atmsvc_socket rds_socket irda_socket pppox_socket llc_socket can_socket tipc_socket bluetooth_socket iucv_socket rxrpc_socket isdn_socket phonet_socket ieee802154_socket caif_socket alg_socket nfc_socket vsock_socket kcm_socket qipcrtr_socket smc_socket xdp_socket }')
 define(`dgram_socket_class_set', `{ udp_socket unix_dgram_socket }')
 define(`stream_socket_class_set', `{ tcp_socket unix_stream_socket sctp_socket }')
 define(`unpriv_socket_class_set', `{ tcp_socket udp_socket unix_stream_socket unix_dgram_socket sctp_socket }')
diff --git a/public/su.te b/public/su.te
index dad9c4948ca568fab3edc0dfdf1e7eecdaa5378d..4a401b86b8c9260a039b2a55d9b9a2fea07a107e 100644
--- a/public/su.te
+++ b/public/su.te
@@ -21,7 +21,7 @@ userdebug_or_eng(`
 dontaudit su kernel:security *;
 dontaudit su { kernel file_type }:system *;
 dontaudit su self:memprotect *;
- dontaudit su domain:process *;
+ dontaudit su domain:{ process process2 } *;
 dontaudit su domain:fd *;
 dontaudit su domain:dir *;
 dontaudit su domain:lnk_file *;
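Review bot: Adding `xdp_socket` to `socket_class_set` widens every positive rule that grants that set, not only the neverallows that reference it, so any `allow <domain> ...:socket_class_set` rule in the tree now also permits AF_XDP; those callers are not visible from this diff and should be grepped before merging. The narrower `dgram_`, `stream_` and `unpriv_socket_class_set` definitions are correctly left untouched, which keeps AF_XDP out of the sets handed to unprivileged domains. A short comment above the define, e.g. `# socket_class_set is also used by allow rules; a class added here is granted wherever the set is allowed`, would make that hazard explicit for the next class addition.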