cannot specify /sys/class/gpio/export with hw-assign

Bug #1488618 reported by Jamie Strandboge on 2015-08-25
Affects   Status                    Importance   Assigned to     Milestone
Snappy    Status tracked in Trunk
  15.04                             Critical     Michael Vogt
  Trunk                             Critical     Michael Vogt

Bug Description

A snap is trying to access /sys/class/gpio/export:

Aug 25 18:24:51 localhost kernel: [24189.210410] audit: type=1400 audit(1440527091.749:42): apparmor="DENIED" operation="open" profile="led-blinker.sideload_led-blinker_0.2" name="/sys/class/gpio/export" pid=4199 comm="led-blinker" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

Try to use hw-assign to allow it:
$ sudo snappy hw-assign led-blinker /sys/class/gpio/export
invalid hardware device

The problem is in hwaccess.go: the check is too strict:
// Return true if the device string is a valid device
func validDevice(device string) bool {
	return strings.HasPrefix(device, "/dev") || strings.HasPrefix(device, "/sys/devices")
}

We should also allow /sys/class/gpio/export and unexport. AIUI the hw access story is changing and I thought something specific for gpio might be coming, so I'm not sure what to suggest long term. A very easy short term fix is just to allow /sys/class/gpio/export and /sys/class/gpio/unexport until this is worked out. This would be fine for rolling and 15.04.
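The following is an added example, not code from the bug report or from snappy's hwaccess.go. It places the quoted strict check beside a relaxed version that adds exactly the two sysfs control files the report proposes as an exact-match allowlist (so nothing else under /sys/class is opened up), and renders the AppArmor line for an accepted device. The names gpioControlFiles and apparmorRule are chosen here; the "rw," rule format mirrors the workaround lines in the report, since the page does not show what snappy's own generator emits.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// validDeviceStrict reproduces the check quoted from hwaccess.go in the
// report: only paths under /dev or /sys/devices pass, so
// /sys/class/gpio/export is rejected with "invalid hardware device".
func validDeviceStrict(device string) bool {
	return strings.HasPrefix(device, "/dev") || strings.HasPrefix(device, "/sys/devices")
}

// gpioControlFiles is the short-term allowlist the report proposes
// (name chosen for this example, not from snappy): exactly the two
// sysfs control files, matched by full path rather than by a /sys/class
// prefix, so no other sysfs file is granted as a side effect.
var gpioControlFiles = map[string]bool{
	"/sys/class/gpio/export":   true,
	"/sys/class/gpio/unexport": true,
}

// validDevice keeps the original prefix check and adds the exact-match
// allowlist. The string is run through path.Clean first (an addition in
// this example) so spellings such as "/sys/class/gpio//export/" compare
// against the allowlist in canonical form.
func validDevice(device string) bool {
	device = path.Clean(device)
	if gpioControlFiles[device] {
		return true
	}
	return validDeviceStrict(device)
}

// apparmorRule renders the profile line a validated device would need.
// The "<path> rw," form mirrors the two lines in the report's manual
// workaround; this is an assumption about the generator's output.
func apparmorRule(device string) (string, error) {
	if !validDevice(device) {
		return "", fmt.Errorf("invalid hardware device: %q", device)
	}
	return path.Clean(device) + " rw,", nil
}

func main() {
	// Constructed sample inputs covering the cases discussed in the report.
	for _, dev := range []string{
		"/dev/ttyUSB0",
		"/sys/devices/platform/soc/gpio",
		"/sys/class/gpio/export",
		"/sys/class/gpio/unexport",
		"/sys/class/gpio/gpio17/value", // not in the allowlist: still rejected
	} {
		rule, err := apparmorRule(dev)
		fmt.Printf("%-32s strict=%-5v relaxed=%-5v rule=%q err=%v\n",
			dev, validDeviceStrict(dev), validDevice(dev), rule, err)
	}
}
```

Running the block prints one line per sample path; the export and unexport files fail the strict check and pass the relaxed one, while /sys/class/gpio/gpio17/value fails both, which is the narrow change the report asks for.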

WORKAROUND:
People encountering this can update the profile manually by editing /var/lib/apparmor/profiles/*_<pkgname>_<service/binaryname>_<version> to include this before the last '}':
  /sys/class/gpio/export rw,
  /sys/class/gpio/unexport rw,

Then do:
$ sudo apparmor_parser -r /var/lib/apparmor/profiles/*_<pkgname>_<service/binaryname>_<version>

This change will survive reboots but it will be lost if you reinstall/upgrade the snap or if you use hw-assign after making the change (since it regenerates the profile).

Changed in snappy:
importance: Undecided → Critical
description: updated
description: updated
Changed in snappy:
assignee: nobody → Michael Vogt (mvo)
description: updated