That doc says that snapd will enforce via polkit if theme snaps can be installed and there will be a separate API for that, but this request is for use of snapd-control, so has that API and polkit integration been implemented in snapd?
If no, then I would be uncomfortable granting snapd-control at this time since the snap would have device ownership.
If ‘yes’, then most of my questions are answered (snapd via polkit policy on the theme-specific APIs are mediated by snapd).
Also, it wasn’t clear to me from that doc that the snapd-desktop-integration helper would itself be delivered as a snap, so this question remains: how can other snaps influence this snap? Does it export a content interface? A DBus service?
Another question is that the snapd-control interface grants access to a particular socket and access to that socket grants device ownership to the snap. It sounds like the other forum topic handles when non-root processes use the new theme APIs, but it makes me a bit uncomfortable that snapd-desktop-integration must use the ‘snapd-control’ interface since that socket API offers much more than the new polkit-protected theme APIs. E.g., what can the non-root snapd-desktop-integration do with the other APIs that are currently offered to non-root? If the snapd-desktop-integration snap ever shipped a system daemon, it runs as root and the snap would have the ability to access the whole API. Should we add a new interface (e.g., snapd-themes-control?) or a new attribute to snapd-control? (@pedronis, perhaps you can weigh in)