As @ijohnson explained (and as is also documented in the https://forum.snapcraft.io/t/process-for-reviewing-classic-confinement-snaps/1460) the dependent software should be shipped instead. And there are interfaces (like kvm) that you could plug and keep under strict confinement. Have you tried this already?
Feel free to share any issue you are having if that’s the case.