CODEWITHSUNDEEP
java-native-interfacejava-securityjava-security-managerazure-information-protectionmicrosoft-information-protection
Ravindra12jan
Ravindra12jan

Reputation: 351

JNI Call to MIP SDK gives error - Can't open database, check folder permissions: mip_data\mip\mip.policies.sqlite3

We have application in java where Java security is enabled. We need to fetch the tags from AIP cloud. We could get the access token using msal4j java library. There is no java library provided by MS for MIP so we have implemented native dll to fetch the AIP Labels. This dll is integrated with our web application. Application does the JNI calls to the native library to fetch the labels.

I think MIP SDK creates the sqlite database to cache the Labels. So it creats the sqlite file on the local disk internally. But as the security is enabled I am getting access denied error for the MIP dll.

"Can't open database, check folder permissions: mip_data\mip\mip.policies.sqlite3"

I have tried giving below permissions in manager.policy but not working

grant codeBase "../Protect/lib/native/*" {

permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";
};

grant codeBase "../Protect/lib/native/-" {

permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";
};

grant codeBase "../Protect/lib/native/-" {

permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";
};

grant codeBase "file:${catalina.home}/webapps/ProtectManager/WEB-INF/lib/*" 
{
permission java.io.FilePermission "../Protect/bin/mip_data/mip/mip.policies.sqlite3", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data/mip", "read,write,delete";
permission java.io.FilePermission "../Protect/bin/mip_data", "read,write,delete";
permission java.io.FilePermission "../Protect/bin", "read,write,delete";

}

How does the Java security works in case of JNI? Does it inherits all the permissions to native calls?

Upvotes: 0

Views: 308

Answers (1)

Tom Moser
Tom Moser

Reputation: 786

Which OS are you using? I can't answer your Java question, but we do have a private preview of the MIP SDK Java Wrapper on Windows. We plan to expand to a few Linux distros in the near future, but are collecting feedback on the Windows version, first.

If you're interested, I'm happy to provide a build.

Upvotes: 0

Related Questions