Setting Management Policies

A management policy signifies the security check required to perform management operations on the key. The management policy associated with the key is of type TSecurityPolicy. The policy can be set to check capabilities or the Vendor ID associated with the calling process. The calling process should have a WriteUserData capability.

The following steps explain the process of setting a management policy for a key:

  1. Create a file system session using an RFs object.

  2. Create an object of type CUnifiedKeyStore using CUnifiedKeyStore::NewL() or CUnifiedKeyStore::NewLC().

  3. Initialise the member functions and keystore using the asynchronous function CUnifiedKeyStore::Initialize().

  4. List all keys in the keystore using the CUnifiedKeyStore::List() function. Retrieve the handle of the key for which the management policy needs to be set.

  5. Set the management policy for the key using the CUnifiedKeyStore::SetManagementPolicy() function.

Management policy is set for the selected key.

Example

The following code snippet shows how to set management policy for a key.

//Create a file system session object
RFs iFs;
CleanupClosePushL(&iFs);


...


// Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object


...



// Retrieve the handle of the key for which management policy has to be set
TCTKeyAttributeFilter  filter.iUsage = EPKCS15UsageAll;
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the result of the set management policy operation
keyStore->List(iKeys, filter, iStatus);


...



// Retrieve the key handle of the appropriate key
_LIT(KLabel,”keylabel”);

// Select the key with the label you are looking for
TInt keyIndex;
for (TInt j = 0; j < iKeys.Count(); j++)
    {
    if (iKeys[j]->Label() == KLabel) 
        {
        keyIndex = j;
        break;
        }
    }


...



// Set the management policy

TSecurityPolicy managementPolicy;
TUint vendorId = 0x70000007;
TCapability caps[3];
caps[0] = ECapabilityWriteUserData;
caps[1] = ECapabilityDRM;
caps[2] = ECapabilityReadUserData;

managementPolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]);
keyStore->SetManagementPolicy(*iKeys, managementPolicy, iStatus);


//Clean up
CleanupStack::PopAndDestroy(); // iFs
Related tasks
Setting Use Policies