by monocasa 1312 days ago
Huh, ok, that's not so bad then.

It feels like there could still be a TOCTOU issue there, but it'd be difficult to use.

2 comments

Generally speaking, allowing privileged operations because a specific user asked over a TCP socket is asking for trouble: there are quite a few ways that unwitting processes could open a socket on behalf of an attacker without realizing that it is asserting its identity and thus granting privilege.

All the major clouds get this IMO entirely wrong with their services that issue secrets to instances (e.g. AWS IMDS).

With TCP being connection-oriented I think it's not too hard to get right, especially if the OS won't reuse a closed socket right away. Definitely worth considering though. Of course it's doable without netstat if you can track down the right APIs https://stackoverflow.com/questions/47659365/find-process-ow...
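The lookup the comment above alludes to (what `netstat -p` does on Linux), as an added example that is not part of the thread: map a connection's 4-tuple to a uid and socket inode via `/proc/net/tcp`, then find the process holding that inode via `/proc/<pid>/fd`. The `/proc/net/tcp` input is a constructed sample, IPv4 only, and the two reads are deliberately kept separate to make the TOCTOU window visible.

```python
"""Linux-only lookup of which uid/process owns the peer end of a local TCP connection.
Added example, not from the thread; assumes the /proc/net/tcp IPv4 format and /proc/<pid>/fd."""
import os
import socket
import struct
from typing import Dict, List, Optional, Tuple

# Constructed sample in /proc/net/tcp format (not captured from a real host):
# row 0 is a listener on 127.0.0.1:8080, row 1 is an established client 127.0.0.1:50000 -> :8080.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 12345 1 0000000000000000 100 0 0 10 0
   1: 0100007F:C350 0100007F:1F90 01 00000000:00000000 00:00000000 00000000  1000        0 67890 1 0000000000000000 20 4 30 10 -1
"""
ESTABLISHED = "01"  # st column value for an established connection

def parse_endpoint(field: str) -> Tuple[str, int]:
    """Decode 'AAAAAAAA:PPPP': little-endian hex IPv4 address and hex port."""
    addr_hex, port_hex = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16))), int(port_hex, 16)

def find_peer_socket(table: str, local: Tuple[str, int], remote: Tuple[str, int]) -> Optional[Dict[str, int]]:
    """Return uid and socket inode of the ESTABLISHED row whose 4-tuple matches.
    A server identifying a local client passes the client's end as `local` and its own end as `remote`."""
    for line in table.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or cols[3] != ESTABLISHED:
            continue
        if parse_endpoint(cols[1]) == local and parse_endpoint(cols[2]) == remote:
            return {"uid": int(cols[7]), "inode": int(cols[9])}
    return None

def pids_holding_inode(inode: int, proc_root: str = "/proc") -> List[int]:
    """Scan /proc/<pid>/fd for a link to socket:[inode] (what netstat -p does).
    This is a separate, later read: the connection can close and the port or inode
    be reused in between, which is the TOCTOU window discussed above. Re-run the
    lookup after deciding and before acting, and refuse if the result changed."""
    target = f"socket:[{inode}]"
    owners: List[int] = []
    try:
        pids = [p for p in os.listdir(proc_root) if p.isdigit()]
    except OSError:  # not Linux, or proc_root missing
        return owners
    for pid in pids:
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target for fd in os.listdir(fd_dir)):
                owners.append(int(pid))
        except OSError:  # process exited, or its fd table is not readable by us
            continue
    return owners

if __name__ == "__main__":
    print(find_peer_socket(SAMPLE_PROC_NET_TCP, ("127.0.0.1", 50000), ("127.0.0.1", 8080)))
```

Note that the uid comes from the socket's owner at the time of the table read, and the process list from a later directory scan; neither is an atomic identity check, which is the weakness the thread is pointing at.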