Rich rules on zones can have source ports, according to this.
According to this, rich rules on policies cannot have a source port.
Is it correct or is it an oversight in the documentation?
Also, it is absolutely not clear how rules can be created on policies.
I read through this but could not glean any useful commands.
How did you determine that from the linked documentation?
That document says
A firewalld policy configuration file contains the information for a policy. These are the policy descriptions, services, ports, protocols, icmp-blocks, masquerade, forward-ports and rich language rules in an XML file format.
which clearly does states that it configures ports and the following info shows ports to be configured.
By comparing XML samples. One has a source port, the other does not.