ah, there are two ways:
you simply install the snappy-debug snap and run it alongside of your app, it will print interface suggestions for all DENIED messages that appear when your app tries to access the dirs …
…or you could clone the snapd source and grep through the interfaces/builtin directory, permitted filesystem locations are usually explicitly mentioned in the code or at least have a regex that starts with the toplevel dir: