Given the requirements of Curiosity I believe the current approach you are taking is reasonable - whilst the snap could work as a classic snap, it would appear that the use of
desktop-launch and perhaps
system-files to allow the snap to enumerate all applications should allow the snap to work under strict confinement, providing a more secure solution for users.
However, note the desktop-launch interface is super-privileged and so requires publisher vetting (similar to the process for classic confinement too).
As such, +1 from me for the use-of and auto-connect of
system-files - to see the actual applications installed on the host you will need to look under
/var/lib/snapd/hostfs/usr/share/applications instead. So please change your
system-files slot to specify this path, and this should then be named:
hostfs-usr-share-applications so that users can understand it’s purpose better. Finally for
personal-files - the
home interface should already provide the access which you need.
As such, +1 for use-of and auto-connect of
read access to
/var/lib/snapd/hostfs/usr/share/applications as well.
personal-files access to
$HOME as this should be available via the
home interface. Note this does not provide access to say
~/.local/share/applications (which I wonder is what you really need) - in that case you could specify a
personal-files instance with
read to this path
dot-local-share-applications - in that case, +1 to that from me.