I know there is a permission check (pid/uid) when calling InputManager.
the UID of monkey process is not equal with the UID of current activity. but why monkey process could inject event into the current window of activity?
this is because "adb shell" user have the permission. Check /etc/permissions/platform.xml:
<assign-permission name="android.permission.INJECT_EVENTS" uid="shell" />