Third Party Reviews for Android
Where can third-party code be stored?
Third-party code is any code not under the AOSP Apache 2.0 license.
If you don’t have a really good reason to store the code elsewhere, third party
code belongs in
platform/external. That said, there are five other places
where third-party source also sometimes occurs in Android:
How to add new third party code to Android
Follow the below steps to create a special Gerrit change in the
NOTE: Different from the normal Gerrit review process, the importer is responsible for preparing/updating a complete repository containing the library to be imported while only the third party plugin is able to create and update the Gerrit change.
After the change is ready. The Licensing, Security, and Platforms teams will +1 the change. The architecture review committee (emailremoved@) will provide their approval. The Android Build Team have the final approval by way of fulfilling the request and creating the project after the other reviewers approve.
Third-party review step by step
Stage the repo you want to add on Git-on-Borg. For example, to fork
boringsslfrom GitHub to Git-on-Borg:
$ gob-ctl create user//my-boring -reader all_users -fork https://github.com/google/boringssl.git
You can verify your repo was properly staged at link.
Ensure that a
LICENSEfile exists at the root of the repo with the full text of the project’s license. If this file does not exist, or is named something else like
LICENSE.txt, add a
Please create a
NOTICEfile by copying the
Please create a
MODULE_LICENSE_xyzfile, where “
xyz” is the license type, for example,
Please create a
METADATAfile at the root of the repo. See go/thirdparty/metadata for a detailed explanation of the
METADATAfile and its fields.
Updates to the change files must first be created in the staged repository, e.g. user//reponame:
git clone sso://user/$USER/my-boring cd my-boring # add/change the necessary files git add . git commit -m "Add metadata files" git push origin master
Syncto fetch the new commit to the change which will be populated as a new patchset.
Go here to add third-party code to Android Internal.
If you are creating the project on more than one instance, such as AOSP and internal, just stage your code on Internal and add a comment in the change about the full set of hosts for project creation as a hint.
Create third-party changebutton and specify which staged repo to stage for review, which branch, and the name of the destination repo. For example:
- Source Repository Url: “user//reponame”
- Source Branch: “master”
- Target Repository Name: “test-import-junit”
NOTE: The “Target Repository Name” will be used directly during the clone. For example, if the expected repository is “platform/third_party/repo”, then the “Target Repository Name” should be exactly the same.
After the change is created, the target repository can be renamed through the “Rename repository” button.
After the change is ready. Mandatory reviewers will review, and may ask you questions in the change.
Please hold on to the change until the following 3 reviews are done. If it takes too long on any of these reviews, please follow step 12 to escalate.
- Security-Review * ******************
Once the change and review are ready, please open a ********* ticket with component:
Android > Android OS & Apps > Buildand provide the following information:
- The change number or URLs of the change
- The complete external source URLs (example: https://github.com/shyiko/ktlint.git)
- The name of the source branch (usually is master but not always)
- The target server(s): internal, AOSP, and/or partner
Escalations: If any reviewers take longer than 48 hours from the time of change creation, ping them.
Third Party Review: emailremoved@
Security Review: emailremoved@
Android Build Team: ping the interrupt person on call
Anything else: emailremoved@
For issues with this policy or tooling, please email emailremoved@.
Please ensure that the repo to be cloned to
platform/external only includes
files under the following licenses. It is ok if the repo has many licenses as
long as they all fall under one of the below.
If you see any other license types, or notice licensing abnormalities, please escalate to emailremoved@. Link to the change.
- Eclipse Public License
- LGPL 2.1
- GPL 2.0
- GPL 3.0
- LGPL 3.0
- Python Software Foundation
- OFL 1.1
Except as otherwise noted, the content of this page is licensed under CC-BY-4.0 license. Third-party product names and logos may be the trademarks of their respective owners.