Third Party Reviews for Android


Where can third party code be stored?

Third party code is any code not under the AOSP Apache 2 license.

If you don’t have a really good reason to store the code elsewhere, third party code belongs in platform/external. That said, there are five other places where third party source also sometimes occurs in Android: toolchain/, kernel/, vendor/, hardware/, and device/*.

How to add new third party code to Android

Follow the below steps to create a special Gerrit change in the


NOTE: Different from the normal Gerrit review process, the importer is responsible for preparing/updating a complete repository containing the library to be imported while only the third party plugin is able to create and update the Gerrit change.

After the change is ready. The Licensing, Security, and Platforms teams will +1 the change. The architecture review committee (emailremoved@) will provide their approval. The Android Build Team have the final approval by way of fulfilling the request and creating the project after the other reviewers approve.

Third party review step by step

  1. Stage the repo you want to add on Git-on-Borg. For example, to fork boringssl from Github to git on borg:

    $ gob-ctl create user//my-boring -reader all_users -fork

    You can verify your repo was properly staged at link.

  2. Ensure that a LICENSE file exists at the root of the repo with the full text of the project’s license. If this file does not exist, or is named something else like COPYING or LICENSE.txt, add a LICENSE file. Please create a NOTICE file by copying the LICENSE file. Please create a MODULE_LICENSE_xyz where “xyz” is the license type, for example, MODULE_LICENSE_BSD, MODULE_LICENSE_GPL, and MODULE_LICENSE_APACHE2. Please also create a METADATA file at the root of the repo. You can automatically generate one by using the form at go/thirdparty/metadata.

    Updates to the change files must first be created in the staged repository, e.g. user//reponame:

    git clone sso://user/$USER/my-boring
    cd my-boring
    # add/change the necessary files
    git add .
    git commit -m "Add metadata files"
    git push origin master

    Then click ‘Sync’ to fetch the new commit to the change which will be populated as a new patchset.

  3. Go here to add third-party code to Android Internal.

    If you are creating the project on more than one instance, such as AOSP and internal, just stage your code on Internal and add a comment in the change about the full set of hosts for project creation as a hint.

  4. Click the ‘Create third-party change’ button and specify which staged repo to stage for review, which branch, and the name of the destination repo. For example:

    • Source Repository Url: “user//reponame”
    • Source Branch: “master”
    • Target Repository Name: “test-import-junit”

    NOTE: The “Target Repository Name” will be used directly during the clone. For example, if the expected repository is “platform/third_party/repo”, then the “Target Repository Name” should be exactly the same.

  5. After the change is created, the target repository can be renamed through the ‘Rename repository’ button.

  6. After the change is ready. Mandatory reviewers will review, and may ask you questions in the change. Once all mandatory labels go +1, members of the Android Build team will be alerted and your repo will be created.

  7. Escalations: If any reviewers take longer than 48 hours from the time of change creation, ping them.

    Third Party Review: emailremoved@

    Security Review: emailremoved@

    Android Build Team: ping the interrupt person on call

    Anything else: emailremoved@

For issues with this policy or tooling, please email emailremoved@

Reviewer standards

Please ensure that the repo to be cloned to platform/external only includes files under the following licenses. It is ok if the repo has many licenses as long as they all fall under one of the below.

If you see any other license types, or notice licensing abnormalities, please escalate to emailremoved@. Link to the change.

  • Apache/Apache2
  • BSD
  • MIT
  • Eclipse Public License
  • LGPL 2.1
  • GPL 2.0
  • GPL 3.0
  • LGPL 3.0
  • Python Software Foundation
  • ISC
  • OFL 1.1
  • Clang/LLVM

Except as otherwise noted, the content of this page is licensed under CC-BY-4.0 license. Third-party product names and logos may be the trademarks of their respective owners.