You don't need to give any explicit permissions for the snapshot of current sockets.

Yeah, non-sandboxed apps can iterate over open file descriptors. It's quite useful to detect eg. which app on your local machine is connecting over TCP. I hope they don't lock it down. It doesn't allow intercepting traffic, but you can see what connects where.