A management policy signifies the security check required to perform management operations on the key. The management policy associated with the key is of type TSecurityPolicy . The policy can be set to check capabilities or the Vendor ID associated with the calling process. The calling process should have a WriteUserData capability.
The following code snippet shows how to set management policy for a key.
//Create a file system session object
RFs iFs;
CleanupClosePushL(&iFs);
...
// Initialise the keystore and member functions
CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs);
keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object
...
// Retrieve the handle of the key for which management policy has to be set
TCTKeyAttributeFilter filter.iUsage = EPKCS15UsageAll;
RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the result of the set management policy operation
keyStore->List(iKeys, filter, iStatus);
...
// Retrieve the key handle of the appropriate key
_LIT(KLabel,”keylabel”);
// Select the key with the label you are looking for
TInt keyIndex;
for (TInt j = 0; j < iKeys.Count(); j++)
{
if (iKeys[j]->Label() == KLabel)
{
keyIndex = j;
break;
}
}
...
// Set the management policy
TSecurityPolicy managementPolicy;
TUint vendorId = 0x70000007;
TCapability caps[3];
caps[0] = ECapabilityWriteUserData;
caps[1] = ECapabilityDRM;
caps[2] = ECapabilityReadUserData;
managementPolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]);
keyStore->SetManagementPolicy(*iKeys, managementPolicy, iStatus);
//Clean up
CleanupStack::PopAndDestroy(); // iFs
Copyright ©2010 Nokia Corporation and/or its subsidiary(-ies).
All rights
reserved. Unless otherwise stated, these materials are provided under the terms of the Eclipse Public License
v1.0.