WS-Policy is a very generic policy language that is not particularly aimed at authorization or access control. WS-Policy focuses more on what should happen to the message (e.g. signature, encryption...). WS-Policy policies can be referenced to from the WSDL or you can use XSLT to embed the policy inside the WSDL after you generated your WSDL from the service stub.
XACML is much more specific to access control. In that sense, it is probably better suited to your use case. There are several open-source and vendor alternatives. Axiomatics, the vendor I work for, has a JAX-WS interceptor which intercepts your web service message and applies fine-grained authorization using XACML.
Regarding your third question:
Can i limit what services a client can search for in the repo by using WS-Policy with UDDI ? Is is supported by Axis2 ?
I don't believe you can do that. Also, UDDI isn't actively developed anymore. The standard is a bit old.
Bottom line: WS-Policy is more about how to expose your service and how to handle operations and messages. XACML is more about the actual business authorization logic.