diff --git a/drivers/android/binder.c b/drivers/android/binder.c
index d9977ce0be76d80afaa236a5733bed13ceea5d36..e58dd44eee3db8c58bf13a58aa4f9e5e0e15638b 100644
--- a/drivers/android/binder.c
+++ b/drivers/android/binder.c
@@ -591,6 +591,10 @@ struct binder_transaction {
 	 * during thread teardown
 	 */
 	spinlock_t lock;
+#ifdef CONFIG_ACCESS_TOKENID
+	u64 sender_tokenid;
+	u64 first_tokenid;
+#endif /* CONFIG_ACCESS_TOKENID */
 };
 
 /**
@@ -3088,6 +3092,10 @@ static void binder_transaction(struct binder_proc *proc,
 	else
 		t->from = NULL;
 	t->sender_euid = task_euid(proc->tsk);
+#ifdef CONFIG_ACCESS_TOKENID
+	t->sender_tokenid = current->token;
+	t->first_tokenid = current->ftoken;
+#endif /* CONFIG_ACCESS_TOKENID */
 	t->to_proc = target_proc;
 	t->to_thread = target_thread;
 	t->code = tr->code;
@@ -4447,6 +4455,10 @@ static int binder_thread_read(struct binder_proc *proc,
 		trd->code = t->code;
 		trd->flags = t->flags;
 		trd->sender_euid = from_kuid(current_user_ns(), t->sender_euid);
+#ifdef CONFIG_ACCESS_TOKENID
+		trd->sender_tokenid = t->sender_tokenid;
+		trd->first_tokenid = t->first_tokenid;
+#endif /* CONFIG_ACCESS_TOKENID */
 
 		t_from = binder_get_txn_from(t);
 		if (t_from) {
@@ -5081,7 +5093,7 @@ static long binder_ioctl(struct file *filp, unsigned int cmd, unsigned long arg)
 			ret = -EINVAL;
 			goto err;
 		}
-		if (put_user(BINDER_CURRENT_PROTOCOL_VERSION,
+		if (put_user(BINDER_CURRENT_PROTOCOL_VERSION + BINDER_SUB_VERSION,
 			     &ver->protocol_version)) {
 			ret = -EINVAL;
 			goto err;
diff --git a/include/uapi/linux/android/binder.h b/include/uapi/linux/android/binder.h
index ec84ad10656834d690089c0556110ad09005c2b1..1b75626269a36f6d345a214ea4decee31ffe9efd 100644
--- a/include/uapi/linux/android/binder.h
+++ b/include/uapi/linux/android/binder.h
@@ -195,6 +195,15 @@ struct binder_version {
 #define BINDER_CURRENT_PROTOCOL_VERSION 8
 #endif
 
+#ifdef CONFIG_ACCESS_TOKENID
+#define ENABLE_ACCESS_TOKENID 1
+#else
+#define ENABLE_ACCESS_TOKENID 0
+#endif /* CONFIG_ACCESS_TOKENID */
+
+#define BINDER_SUB_VERSION_SHIFT_BASE 16
+#define BINDER_SUB_VERSION (ENABLE_ACCESS_TOKENID << BINDER_SUB_VERSION_SHIFT_BASE)
+
 /*
  * Use with BINDER_GET_NODE_DEBUG_INFO, driver reads ptr, writes to all fields.
  * Set ptr to NULL for the first call to get the info for the first node, and
@@ -284,6 +293,10 @@ struct binder_transaction_data {
 		} ptr;
 		__u8	buf[8];
 	} data;
+#ifdef CONFIG_ACCESS_TOKENID
+	__u64 sender_tokenid;
+	__u64 first_tokenid;
+#endif /* CONFIG_ACCESS_TOKENID */
 };
 
 struct binder_transaction_data_secctx {