Auto-connection request for onekey-wallet (raw-usb)

store-requests privileged-interfaces
1

Hi Snap Store reviewers,

We would like to request auto-connection for the raw-usb interface for the onekey-wallet snap.

name: onekey-wallet description: OneKey is a desktop wallet application for managing crypto assets and connecting to OneKey hardware wallets. snapcraft: app-monorepo/apps/desktop/electron-builder-snap.config.js at x · OneKeyHQ/app-monorepo · GitHub upstream: GitHub - OneKeyHQ/app-monorepo: Secure, open source and community driven crypto wallet runs on all platforms and trusted by millions. · GitHub upstream-relation: The snap is published and maintained by the OneKey team.

interfaces:

  • raw-usb:
    • request-type: auto-connection
    • reasoning: OneKey Wallet needs direct USB access to communicate with OneKey hardware wallets from the Linux desktop snap. This is used for normal device connection, signing flows, device initialization, and firmware update flows. Without this interface being connected, users need to run sudo snap connect onekey-wallet:raw-usb manually before the hardware wallet can be used, which is especially confusing during onboarding and firmware update flows.

The application only uses this access for OneKey hardware wallet communication when the user starts a hardware connection or firmware update flow. The SDK filters OneKey USB devices by the known OneKey USB VID/PID values:

  • VID 0x1209, PID 0x53c0
  • VID 0x1209, PID 0x53c1
  • VID 0x1209, PID 0x4f4a
  • VID 0x1209, PID 0x4f4b

There is no general-purpose USB tooling exposed to users, and the app does not use raw USB access to inspect unrelated USB devices.

We are moving the Linux desktop hardware transport away from OneKey Bridge and toward WebUSB, so this permission is now part of the expected hardware wallet connection path.

As a fallback for systems where auto-connection is not granted, the app checks the interface state with:

snapctl is-connected raw-usb

If it is not connected, the app shows the user the exact command:

sudo snap connect onekey-wallet:raw-usb

We understand that raw-usb does not replace normal Unix device-node permissions, so we will continue to document udev requirements where needed.

2

Hey @wabicai

Could you please give us more details about how the usb device is accessed in this case? I wonder whether other interfaces could be a better fit in this case.

Thanks!