we have two options here, either bluez starts shipping a plug for the serial interface and we start providing access to ttyAMA0 through it via the gadget snap or the bluetooth-control or (better) bluez:service get permission for it ...
i guess either way we need to involve the security team here
@konrad: 5.44-1-dev from the edge channel works fine now as long as i use --devmode ... not using devmode gets me a denial:
[ 48.909501] audit: type=1400 audit(149138706 2.644:27) : apparmor="DENIED" operation="open" profile= "snap.bluez. hciattach" name="/dev/ttyAMA0" pid=1501 comm="hciattach" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
we have two options here, either bluez starts shipping a plug for the serial interface and we start providing access to ttyAMA0 through it via the gadget snap or the bluetooth-control or (better) bluez:service get permission for it ...
i guess either way we need to involve the security team here