Can't talk to Bluez from my snap

I’m getting this error when trying to talk to BlueZ over dbus:

error time=1537907351.253802 sender=org.freedesktop.DBus -> destination=:1.32 error_name=org.freedesktop.DBus.Error.AccessDenied reply_serial=7 string "Rejected send message, 3 matched rules; type="method_call", sender=":1.32" (uid=1000 pid=7337 comm="/snap/mbed-edge/11/./mept-ble --edge-domain-socket") interface="org.freedesktop.DBus.ObjectManager" member="GetManagedObjects" error name="(unset)" requested_reply="0" destination=":1.3" (uid=0 pid=1891 comm="/snap/bluez/165/usr/lib/bluetooth/bluetoothd -E ")"

I’ve tried to package my snap like this: https://docs.ubuntu.com/core/en/stacks/bluetooth/bluez/docs/reference/enablement/snapping-bluetooth-enabled-application

Then connected the plug/socket:
admin@C031051823-00197:/snap$ snap interfaces | grep bluez
bluez:service bluez:client,mbed-edge:client

I’m getting denied by the policies set in /etc/dbus-1/system.d/snap.bluez.bluez.conf and /etc/dbus-1/system.d/snap.bluez.obex.conf. Manually editing those files fixes my problem.

What’s the right way to package my app so that I’m allowed to send to org.bluez?

What changes did you make to /etc/dbus-1/system.d/snap.bluez.bluez.conf and /etc/dbus-1/system.d/snap.bluez.obex.conf?

I changed the lines that that used to be

<policy context="default">
    <deny send_destination="org.bluez"/>
</policy>

to

<policy context="default">
    <allow send_destination="org.bluez"/>
</policy>

I did this to verify that the policy is indeed causing my messages to be rejected.

It sounds like you are trying to access bluez as non-root. On core, the dbus policy allows connections as root since there is no polkit/etc for non-root authorization. If you run your command under sudo I suspect it will work. daemons in your snap run as root, so they’ll be able to access the service (if the interface is connected).

Running under sudo did the job. Thanks!