Access device tree informations from a snap package

Hi all,
i need to access some information contained in device tree nodes (/sys/firmware/devicetree/base/) in read only mode.
Apparmor prevent me to open these files for reading.

The main goal for this, is to present to a snap the information about hardware present on the board (i.e. physical mounted led, what is mounted to a gpio pin, and so on).

I can’t find on snapd code an interface that support my needs.
Is already present an interface for reading these files?
Can you help me to access these information?

Another way to access these informations is to read and decompile the dtb present in the boot partition (/boot/uboot/kernel-name/dtbs/). But apparmor prevent me to read these files.
I’ve seen that core-support interface permit to read/write/lock on /boot/uboot/config.txt.
Is it possible to extend apparmor profile to permit access in read only mode to files in /boot/uboot/kernel-name/dtbs/?

Maybe a dedicated interface to access the devicetree information by access /sys/firmware/devicetree/base/ is welcome.

Without any of the previous solutions the only way that i can find to access these informations is to insert some text in the field “description” of the kernelsnap, and access it through snapd socket by using snapd interface. This is dangerous for an application that only need read a file.

Thanks in advance,

Francesco

The hardware-observe interface has this rule:

/sys/{block,bus,class,devices,firmware}/{,**} r,

That should match /sys/firmware/devicetree/base/. Have you tried plugging this interface? If so, can you paste the apparmor denials when plugging this interface?

Great!!
Using hardware-observe interface the snap works fine.
Thanks a lot!!

Francesco