Setting Management Policies

A management policy signifies the security check required to perform management operations on the key. The management policy associated with the key is of type TSecurityPolicy. The policy can be set to check capabilities or the Vendor ID associated with the calling process. The calling process should have a WriteUserData capability.

The following steps explain the process of setting a management policy for a key:

  1. Create a file system session using an RFs object.

  2. Create an object of type CUnifiedKeyStore using CUnifiedKeyStore::NewL() or CUnifiedKeyStore::NewLC().

  3. Initialise the member functions and keystore using the asynchronous function CUnifiedKeyStore::Initialize() .

  4. List all keys in the keystore using the CUnifiedKeyStore::List() function. Retrieve the handle of the key for which the management policy needs to be set.

  5. Set the management policy for the key using the CUnifiedKeyStore::SetManagementPolicy() function.

The management policy is now set for the selected key.


The following code snippet shows how to set a management policy for a key.

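// Create and connect a file system session object
RFs iFs;
User::LeaveIfError(iFs.Connect());
CleanupClosePushL(iFs);


// Initialise the keystore and member functions.
// Initialize(), List() and SetManagementPolicy() are asynchronous: wait for
// iStatus to complete (for example in an active object's RunL()) and check
// it for KErrNone before moving on to the next step.
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(iFs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object


// Retrieve the handle of the key for which management policy has to be set
TCTKeyAttributeFilter filter;
filter.iUsage = EPKCS15UsageAll;
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the keys returned by the list operation
keyStore->List(iKeys, filter, iStatus);


// Retrieve the key handle of the appropriate key

// Select the key with the label you are looking for
// (KLabel is a descriptor holding that label)
TInt keyIndex = KErrNotFound;
for (TInt j = 0; j < iKeys.Count(); j++)
    {
    if (iKeys[j]->Label() == KLabel)
        {
        keyIndex = j;
        break;
        }
    }
User::LeaveIfError(keyIndex); // Leave if no key has this label


// Set the management policy: the caller must have this Vendor ID
// and hold all three capabilities

TSecurityPolicy managementPolicy;
TUint vendorId = 0x70000007;
TCapability caps[3];
caps[0] = ECapabilityWriteUserData;
caps[1] = ECapabilityDRM;
caps[2] = ECapabilityReadUserData;

managementPolicy = TSecurityPolicy(TVendorId(vendorId), caps[0], caps[1], caps[2]);
keyStore->SetManagementPolicy(*iKeys[keyIndex], managementPolicy, iStatus);

//Clean up (once the set management policy request has completed)
for (TInt i = 0; i < iKeys.Count(); i++)
    iKeys[i]->Release();
iKeys.Close();
delete keyStore;
CleanupStack::PopAndDestroy(); // iFs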
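
What the policy built above requires of a caller, shown as a portable C++ model added here (not Symbian code and not part of the original documentation). Caller, ManagementPolicy, CallerAllowed and the Cap* bit values are assumptions of this example; it assumes a Vendor ID policy passes only when the Vendor ID matches and every listed capability is held.

```cpp
#include <cstdint>
#include <initializer_list>

// Simplified model (assumption): capabilities are bits in a 32-bit set.
// These enumerators are local to this example, not Symbian TCapability values.
enum Capability : uint32_t {
    CapReadUserData  = 1u << 0,
    CapWriteUserData = 1u << 1,
    CapDRM           = 1u << 2,
    CapNetwork       = 1u << 3   // extra capability the policy does not ask for
};

// Constructed stand-in for the security attributes of a calling process.
struct Caller {
    uint32_t vendorId;
    uint32_t caps;
};

// Stand-in for a management policy built from a Vendor ID plus capabilities.
struct ManagementPolicy {
    uint32_t vendorId;
    uint32_t requiredCaps;

    ManagementPolicy(uint32_t vid, std::initializer_list<Capability> caps)
        : vendorId(vid), requiredCaps(0) {
        for (Capability c : caps) requiredCaps |= c;
    }

    // The caller passes only if the Vendor ID matches AND every required
    // capability is present; extra capabilities neither help nor hurt.
    bool Check(const Caller& p) const {
        return p.vendorId == vendorId &&
               (p.caps & requiredCaps) == requiredCaps;
    }
};

// Same requirements as the snippet: VID 0x70000007 plus three capabilities.
ManagementPolicy SnippetPolicy() {
    return ManagementPolicy(0x70000007,
                            {CapWriteUserData, CapDRM, CapReadUserData});
}

// Evaluates a constructed caller against the snippet's policy.
bool CallerAllowed(uint32_t vid, uint32_t caps) {
    return SnippetPolicy().Check(Caller{vid, caps});
}
```

A caller that holds WriteUserData and ReadUserData but not DRM is refused, as is a caller with all three capabilities but a different Vendor ID.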