You want to block upload to the icloud.com while allowing access to that domain for other operations.

Here's an example of how to block uploads to the iCloud.

1. Start Visual Policy Manager (VPM)
2. Policy > Add Web Access Layer, give a name to the Web Access Layer (You can create a new rule on the existing Web Access Layer as well)
3. Source: set the source who is subjected to the policy (Can be applied be left as ANY, your preference based on policy design)
4. New > Combined Destination Object, give a name to the Object > New > Request URL > Check simple match and add "p45-contentws.icloud.com" (This is the subdomain that iCloud is calling when uploading the files) > Ok > Add the rule to upper right corner of the combined object.
5. Create another new request URL and choose Regular Expression Match instead simple match, then enter upload as Regex. Move this rule to the lower right corner.
6. Action = Deny
7. Install Policy

This would block the upload to iCloud drive. If you want to block the other features such as uploading the pictures, you will have to find the sub domain that are called during the upload, and manually add the URL to the combined object (Step 4).