# AOSP system-app deployment (computer-use on the Eliza AOSP fork)
> Status: **design + contract**. The desktop CUA surface (capture, input, scene,
> Brain→Cascade→dispatch) is production; the AOSP path is partially built —
> `createAospInputActor()` returns `null` in consumer builds today
> (`src/actor/aosp-input-actor.ts`), and the privileged bridge below is the
> remaining work. This doc is the contract that wiring must satisfy. See
> [`ANDROID_CONSTRAINTS.md`](./ANDROID_CONSTRAINTS.md) for the honest scope on
> stock (non-system) Android, and `docs/android-aosp-validation.json` for the
> release evidence manifest this path is gated on.
## Why a system app
On stock Android an app cannot freely read the framebuffer of *other* apps or
inject input into them — those are `signature|privileged` permissions. The Eliza
AOSP fork ships the agent as a **platform-signed system app** (or a privileged
companion service), which unlocks the two capabilities a computer-use agent
needs:
| Capability | Stock Android | AOSP system app |
|---|---|---|
| Full-screen capture | `MediaProjection` (per-session user consent, own-app-biased) | `SurfaceControl.captureDisplay` / `READ_FRAME_BUFFER` (no prompt, any display) |
| Global input injection | none (only own UI / a11y gestures) | `InputManager.injectInputEvent` with `INJECT_EVENTS` |
| Element grounding | `AccessibilityService` tree (opt-in) | `AccessibilityService` tree + OCR, always available |
## Manifest / signing
```xml
```
- Sign with the platform key; install under `/system/priv-app` (or
`/product/priv-app`) with a matching `privapp-permissions` allowlist entry for
the two signature permissions.
- Non-system builds **must** degrade to the `MediaProjection` + `AccessibilityService`
path (see ANDROID_CONSTRAINTS.md). The plugin feature-detects at runtime and
never assumes the privileged path.
## Capture — `ScreenState` source
The AOSP capture feeds the same per-display frame contract the desktop scene
uses (`DisplayCapture { display, frame: PNG }`, see `src/platform/capture.ts`):
- **Privileged**: `SurfaceControl.captureDisplay(DisplayCaptureArgs)` →
`HardwareBuffer` → PNG. No user prompt; supports secondary/virtual displays.
- **Fallback**: `MediaProjection` + `ImageReader` (one-time user consent), wired
in `src/mobile/android-scene.ts` / `mobile-screen-capture.ts`.
Both paths populate the Android scene (`android-scene.ts`) with display bounds so
multi-display coordinate translation (`src/platform/coords.ts`) works unchanged.
## Input — `AospPrivilegedInputBridge`
`src/actor/aosp-input-actor.ts` is the seam. `createAospInputActor()` returns
`null` today; the privileged bridge must implement the `ComputerInterface` verbs
via `InputManager.injectInputEvent`:
| Verb | Implementation |
|---|---|
| `click` / `double_click` / `long_press` | `MotionEvent` ACTION_DOWN→UP (→DOWN→UP) at (x,y), `INJECT_INPUT_EVENT_MODE_ASYNC` |
| `drag` | ACTION_DOWN → interpolated ACTION_MOVE waypoints → ACTION_UP (mirror the desktop manual-drag in `nut-driver.ts`) |
| `scroll` | per-notch ACTION_SCROLL or MOVE deltas (mirror the desktop per-notch split) |
| `type` | `KeyEvent` stream or `InputConnection` commit |
| `key` / `key_combo` | `KeyEvent` with meta-state |
Coordinates are **logical display pixels** (same contract the empirical Windows
probe established for nutjs); the bridge applies the display's density only if
`injectInputEvent` is found to operate in physical pixels on the target ROM —
verify empirically before adding any scale, exactly as documented for the
desktop driver.
## Grounding — Brain-less, Actor-only (cheap by construction)
There is **no mobile Brain** (no full-frame VLM reasoning loop on device). AOSP
uses the **Actor-only** path: `OcrCoordinateGroundingActor` resolves a target by
matching `Scene.ocr` (OCR boxes) and `Scene.ax` (`AccessibilityNodeInfo`
clickables) — exactly the structured readout `GET_SCREEN` produces (#9105 M2).
This means AOSP gets computer-use **without a remote VLM**:
1. `android-scene.ts` builds `Scene` from MediaProjection/SurfaceControl capture
+ the `AccessibilityNodeInfo` tree + OCR.
2. OCR provider: register **PaddleOCR PP-OCRv5 mobile (Paddle-Lite)** as the
AOSP `CoordOcrProvider` via `registerCoordOcrProvider` (the same seam
plugin-vision uses on desktop, #9105 M1) — on-device, ARM-optimized, zero LLM
tokens.
3. `Cascade` grounds via `resolveReference` (OCR/AX text-match) with the
per-Scene grounding cache (#9105 M5); `dispatch` routes the concrete coords to
the `AospPrivilegedInputBridge`.
## Remaining work (tracked in #9105 M6)
- [ ] Implement `AospPrivilegedInputBridge` and return it from
`createAospInputActor()` when the privileged permissions are held.
- [ ] `SurfaceControl.captureDisplay` capture path + `MediaProjection` fallback
feeding `android-scene.ts`.
- [ ] Register Paddle-Lite PP-OCRv5 as the AOSP `CoordOcrProvider`.
- [ ] Empirically verify `injectInputEvent` coordinate space (logical vs
physical) on the target ROM before any density scaling.
- [ ] Complete `docs/android-aosp-validation.json` evidence (capture + a click
landed via injection + an OCR-grounded tap) and gate the release on it.
## Security
All destructive actions still pass through `ComputerUseApprovalManager`
(`smart_approve` by default). A platform-signed agent with `INJECT_EVENTS` is a
high-privilege component — keep approval gating on, scope the priv-app allowlist
to exactly the two signature permissions, and never expose the injection bridge
over an unauthenticated IPC surface.