Snapd doesn't allow notification daemon to be activatable

I just checked how dbus notification are working on MATE with a snapped app and got this error:
GDBus.Error:org.freedesktop.DBus.Error.AccessDenied: An AppArmor policy prevents this sender from sending this message to this recipient; type="method_call", sender=":1.109" (uid=1000 pid=2190 comm="telegram-desktop " label="snap.telegram-desktop.telegram-desktop (enforce)") interface="org.freedesktop.Notifications" member="Notify" error name="(unset)" requested_reply="0" destination="org.freedesktop.Notifications" (bus)
(there are also the same errors for all the other methods on the interface, like GetCapabilities and so on)

I guess it’s because MATE doesn’t have notification daemon process running all the time in background, it’s dbus activatable instead and stops running multiple seconds after last notification was hidden.

This access is allowed by the desktop interface. Does your app plug that interface at all?

No, it requires peer=(label=unconfined), so notification daemon should running or should have AssumedAppArmor=unconfined in its systemd unit file, while it doesn’t have a systemd unit file and dbus generates it, so snapd blocks the access. There should be lines like xdg-desktop-portal has