Steve,
Yes, I agree it SHOULD be easy, but it just does not seem to work. E.g.:
If one takes the default editor role (which already has login, and the ability to do anything with the content class) and adds selfedit and password editing policies, it allows the user to edit the password but not get access to read or edit their details at /content/edit/<user_node_id>. The returned error is 'Your account does not have the proper privileges to access the requested page.'
Actually, I wasn't talking about the code in the template (as I have no idea which template takes care of the login tool) but about the produced link. So if I log on with user ID 133 (node ID 130, object ID 133), the default templates create a link in my login tool to /content/edit/133. This looks good to me, and as this user has the user/selfedit policy, I expect no problem...
I just ran into a similar problem, and content edit Owner( Self ) didn't work - the reason was I had assigned that set of permissions to a sub-tree, and so the Owner( Self ) didn't apply to the user objects. Watch out for that one ;)