Regarding the /tmp access-- I'm guessing that TMPDIR is not being set by the process launching the confined plugin. It can be set to one of the writable directories in the 1.3.4 policy; I suggest /run/user/$USER/online-accounts-ui/@{APP_PKGNAME}_@{APP_APPNAME}/ since it is in /run and will be cleaned on reboot. If you pick this, I'll adjust the policy.
Regarding the /tmp access-- I'm guessing that TMPDIR is not being set by the process launching the confined plugin. It can be set to one of the writable directories in the 1.3.4 policy; I suggest /run/user/ $USER/online- accounts- ui/@{APP_ PKGNAME} _@{APP_ APPNAME} / since it is in /run and will be cleaned on reboot. If you pick this, I'll adjust the policy.