WebUSB vs Chromium (and snaps in general)

WebUSB is a JavaScript application programming interface (API) specification for securely providing access to USB devices from web pages (…) and is supported by Google Chrome [and Chromium], Microsoft Edge (…)


Bug 1905458 describes how AppArmor denies the Chromium snap access to /run/udev/data/*.

Since allowing access by default to all those endpoints would be a no-go from the point of view of security, is there an existing canonical approach to give users the option to allow that within snap confinement?

The raw-usb interface should grant that access for USB devices… perhaps we might need to enhance it for additional devices, but the bug above looks more like a general permission issue (device nodes owned by root, while for i.e. webcams they should be root:video).
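
To see which device classes the /run/udev/data denials actually cover before deciding whether connecting raw-usb is enough, the denials can be grouped by snap profile and udev database entry type. This is an added example, not part of the thread or of snapd; the log lines are constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed kernel audit lines for illustration; not copied from the bug report.
SAMPLE_LOG = '''\
audit: type=1400 audit(1600000000.101:201): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c189:3" pid=4242 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1600000000.102:202): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/+usb:1-2" pid=4242 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1600000000.103:203): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/c81:0" pid=4242 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1600000000.104:204): apparmor="ALLOWED" operation="open" profile="snap.chromium.chromium" name="/run/udev/data/b8:0" pid=4242 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
audit: type=1400 audit(1600000000.105:205): apparmor="DENIED" operation="open" profile="snap.chromium.chromium" name="/etc/fstab" pid=4242 comm="chromium" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
'''

FIELD = re.compile(r'(\w+)="([^"]*)"')
UDEV_DB = "/run/udev/data/"
# Character-device majors: 189 is used for /dev/bus/usb/* nodes, 81 for video4linux.
CHAR_MAJORS = {189: "usb-device", 81: "video4linux"}


def classify(entry):
    """Map a udev database file name to the kind of device it describes."""
    m = re.fullmatch(r"([bc])(\d+):(\d+)", entry)
    if m:
        major = int(m.group(2))
        if m.group(1) == "c":
            return CHAR_MAJORS.get(major, f"char-major-{major}")
        return f"block-major-{major}"
    if entry.startswith("+"):  # "+<subsystem>:<sysname>" for devices without a node
        return "subsystem:" + entry[1:].split(":", 1)[0]
    return "other"


def udev_denials(log):
    """Return {profile: {device class: sorted entries}} for DENIED udev reads."""
    out = defaultdict(lambda: defaultdict(set))
    for line in log.splitlines():
        f = dict(FIELD.findall(line))
        name = f.get("name", "")
        if f.get("apparmor") != "DENIED" or not name.startswith(UDEV_DB):
            continue
        entry = name[len(UDEV_DB):]
        out[f.get("profile", "?")][classify(entry)].add(entry)
    return {p: {c: sorted(e) for c, e in classes.items()} for p, classes in out.items()}


if __name__ == "__main__":
    for profile, classes in udev_denials(SAMPLE_LOG).items():
        for cls, entries in sorted(classes.items()):
            print(f"{profile}  {cls:<14} {', '.join(entries)}")
```

On a real system the input would come from the kernel log (for example `journalctl -k`); entries classed as something other than USB are the ones a USB-only interface would not be expected to cover.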