snappy in 16.04 used to compare /usr/share/snappy/security-policy-version and /var/lib/snappy/security-policy-version on boot to see if the apparmor package changed and therefore if it needed to regenerate all snap policy. This functionality was recently removed with nothing added to replace it.
snapd must have a means to detect changes to the parser or the abstractions which the snap may #include, otherwise we cannot deliver parser and policy fixes from apparmor to installed snaps.
snappy in 16.04 used to compare /usr/share/ snappy/ security- policy- version and /var/lib/ snappy/ security- policy- version on boot to see if the apparmor package changed and therefore if it needed to regenerate all snap policy. This functionality was recently removed with nothing added to replace it.
snapd must have a means to detect changes to the parser or the abstractions which the snap may #include, otherwise we cannot deliver parser and policy fixes from apparmor to installed snaps.