diff --git a/drivers/accesstokenid/access_tokenid.c b/drivers/accesstokenid/access_tokenid.c
index e7bae802c53152c604842286e82b537585f44664..fd2e73033c3748057d1b7c6370f331c5ba529c6e 100644
--- a/drivers/accesstokenid/access_tokenid.c
+++ b/drivers/accesstokenid/access_tokenid.c
@@ -21,10 +21,11 @@ int access_tokenid_get_tokenid(struct file *file, void __user *uarg)
 			    sizeof(current->token)) ? -EFAULT : 0;
 }
 
-static bool check_permission_for_set_tokenid(struct file *file)
+static bool check_permission_for_set_tokenid(struct file *file, unsigned long long tokenid)
 {
 	kuid_t uid = current_uid();
 	struct inode *inode = file->f_inode;
+	access_tokenid_inner *tokenid_inner = (access_tokenid_inner *)&tokenid;
 
 	if (inode == NULL) {
 		pr_err("%s: file inode is null\n", __func__);
@@ -34,6 +35,8 @@ static bool check_permission_for_set_tokenid(struct file *file)
 	if (uid_eq(uid, GLOBAL_ROOT_UID) ||
 	    uid_eq(uid, inode->i_uid)) {
 		return true;
+	} else if (uid_eq(uid, NWEBSPAWN_UID) && (tokenid_inner->render_flag == 1)) {
+		return true;
 	}
 
 	return false;
@@ -43,12 +46,12 @@ int access_tokenid_set_tokenid(struct file *file, void __user *uarg)
 {
 	unsigned long long tmp = 0;
 
-	if (!check_permission_for_set_tokenid(file))
-		return -EPERM;
-
 	if (copy_from_user(&tmp, uarg, sizeof(tmp)))
 		return -EFAULT;
 
+	if (!check_permission_for_set_tokenid(file, tmp))
+		return -EPERM;
+
 	current->token = tmp;
 	return 0;
 }
diff --git a/drivers/accesstokenid/access_tokenid.h b/drivers/accesstokenid/access_tokenid.h
index 318b54831ebdba6bf5d5cc9637586967a6a99815..8a25d5f0fa5caf71a1a3af8f9d0d4bf0628b1c61 100644
--- a/drivers/accesstokenid/access_tokenid.h
+++ b/drivers/accesstokenid/access_tokenid.h
@@ -22,6 +22,15 @@ enum {
 	ACCESS_TOKENID_MAX_NR
 };
 
+typedef struct {
+	unsigned int token_uniqueid : 20;
+	unsigned int res : 5;
+	unsigned int render_flag : 1;
+	unsigned int dlp_flag : 1;
+	unsigned int type : 2;
+	unsigned int version : 3;
+} access_tokenid_inner;
+
 #define	ACCESS_TOKENID_GET_TOKENID \
 	_IOR(ACCESS_TOKEN_ID_IOCTL_BASE, GET_TOKEN_ID, unsigned long long)
 #define	ACCESS_TOKENID_SET_TOKENID \
diff --git a/include/linux/uidgid.h b/include/linux/uidgid.h
index 120ef9f71914ccf2c21773a2ec4b4bad3a6ef94a..9906d7d46b4ec71fdcf86e65ebcd05ca7e5fac74 100644
--- a/include/linux/uidgid.h
+++ b/include/linux/uidgid.h
@@ -55,6 +55,8 @@ static inline gid_t __kgid_val(kgid_t gid)
 #define GLOBAL_ROOT_UID KUIDT_INIT(0)
 #define GLOBAL_ROOT_GID KGIDT_INIT(0)
 
+#define NWEBSPAWN_UID KUIDT_INIT(3081)
+
 #ifdef CONFIG_HYPERHOLD
 #define GLOBAL_MEMMGR_UID KUIDT_INIT(1111)
 #endif