Per-directory permissions on git

Try nigit https://github.com/kingsimba/nigit. My team(over 30 people) has been using it for years.

It can manage correlated projects as a whole, by pulling them together, switching branch together, etc. Each project has its own collaborators and permissions.

If someone don't have permission to some source code(subprojects), they can use the compiled binaries.

$ nigit status
=== nigit ===
+ some_new_file
- some_deleted_file
M some_modified_file
? some_untracked_file
=== ncgeo ===
- other_deleted_file
? other_untracked_file

It is doable with a central repo with access (push/pull) managed by gitolite.
See its features.

If you combine that with submodules (which you are aware of), you would only manage per-repo or per branch access and still commit both project1 and project2 (with two commits in case of a subrepo: see this question)

If you insist on working with one repo (even though you have to set of data which could evolve with their own lifecycle, which should make them good candidates for modules), then the gitolite features do include:

file/dir NAME based restrictions

In addition to branch-name based restrictions, gitolite also allows you to restrict what files or directories can be involved in changes being pushed

dpk mentions in the comments that this last feature (the file/dir name restriction) is detailed in the conf/example.conf file of Gitolite.