A management policy signifies the security check required to perform management operations on the key. The management policy associated with the key is of type TSecurityPolicy. The policy can be set to check capabilities or the Vendor ID associated with the calling process. The calling process should have a WriteUserData capability.
The following code snippet shows how to set management policy for a key.
//Create a file system session object RFs iFs; CleanupClosePushL(&iFs); ... // Initialise the keystore and member functions CUnifiedKeyStore* keyStore = CUnifiedKeyStore::NewL(fs); keyStore->Initialize(iStatus); //iStatus is a TRequestStatus object ... // Retrieve the handle of the key for which management policy has to be set TCTKeyAttributeFilter filter.iUsage = EPKCS15UsageAll; RPointerArray<CCTKeyInfo> iKeys; // This variable will contain the result of the set management policy operation keyStore->List(iKeys, filter, iStatus); ... // Retrieve the key handle of the appropriate key _LIT(KLabel,”keylabel”); // Select the key with the label you are looking for TInt keyIndex; for (TInt j = 0; j < iKeys.Count(); j++) { if (iKeys[j]->Label() == KLabel) { keyIndex = j; break; } } ... // Set the management policy TSecurityPolicy managementPolicy; TUint vendorId = 0x70000007; TCapability caps[3]; caps[0] = ECapabilityWriteUserData; caps[1] = ECapabilityDRM; caps[2] = ECapabilityReadUserData; managementPolicy = TSecurityPolicy(TSecureId(secureId), caps[0], caps[1], caps[2]); keyStore->SetManagementPolicy(*iKeys, managementPolicy, iStatus); //Clean up CleanupStack::PopAndDestroy(); // iFs