PolicyKit is for allowing controlled privilege escalation -- e.g., letting a user muck with /etc/passwd.
SELinux is for locking down stuff further than it would be otherwise -- e.g., making it so your firefox *can't* delete your home directory, even if someone tricks it into loading a bunch of arbitrary code from the web and executing it. All the complicated stuff is just the messy work of explaining to the computer exactly what you mean by "home directory", "firefox", and "can't delete".
This isn't just a heuristic all-else-being-equal kind of distinction; the way the kernel is written PolicyKit *can't* forbid anything that would otherwise be allowed, and SELinux *can't* allow anything that would otherwise be forbidden.
Sure, sometimes the thing you want to lock down is run by root, because it's some system daemon that (due to limitations in the traditional unix model) has to be run as root -- 'sshd', say, or your example, 'passwd'. Neither of these programs needs to do *everything* root can do, though -- a bug in passwd (or PolicyKit!) should not allow me to load kernel modules or reformat the hard drive... So you want something more fine-grained.