How to Confine an In-House written process using SELinux


Hello,

Can anyone provide me a clear yes/no to a query I have regarding SELinux? In the same way that SELinux is configured to confine standard processes such as httpd, sshd etc., is there any way that I can apply an SELinux domain to an in-house developed process? I am working on a project to security-harden a service, so in addition to all the usual bells and whistles we need to confine a network service that listens on a number of ports. We obviously are running SELinux in Enforcing/Targeted mode. Having read the SELinux User and Administration guide from cover to cover, and waded through lots of community support web information, I'm coming to the conclusion I can't do this? I'd hoped I would be able to map a user to a customer-defined SELinux user, or better, create a customer-defined domain to tag my process with, then simply create and install modules to take care of any access issues. The closest I've seen for any sort of a way to achieve this would be to execute my process within the sandbox wrapper, which just doesn't seem the real purpose of it at all.
On Ubuntu I've done exactly the same task by creating a basic AppArmor profile, and then through rigorous testing adding file access information to it. Finally I run the in-house written process's profile in "Enforcing" mode and everyone's happy.

Can I or can I not achieve this with SELinux? Any pointers to documentation that specifically covers the tasks required would be greatly appreciated.

[Using RHEL/Centos v7]

Regards,
Andy
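An added example, not part of Andy's post or of any response on this page, of the custom-domain approach the post asks about: a POSIX shell script that writes a minimal reference-policy module (a `.te` rules file and a `.fc` file-context file) for a hypothetical in-house daemon called `myd`, then builds it, loads it, registers its ports and relabels the binary when the RHEL/CentOS 7 policy development tools are installed. The daemon name, its binary path `/usr/local/bin/myd`, the domain `myd_t` and the TCP ports 9100 and 9101 are constructed placeholders; the interfaces used (`init_daemon_domain`, `corenet_port`, `corenet_tcp_bind_generic_node`, `logging_send_syslog_msg`) are those of the reference policy that the RHEL 7 targeted policy is built from.

```shell
#!/bin/sh
# Added example (not from the original post): confine a hypothetical in-house
# daemon "myd" in its own SELinux domain on RHEL/CentOS 7 by writing a small
# reference-policy module, building it and installing it.
# Assumptions (constructed placeholders): the binary lives at /usr/local/bin/myd,
# the domain is myd_t and the service listens on TCP 9100 and 9101.

MOD=myd
BIN=/usr/local/bin/myd
TCP_PORTS="9100 9101"

# write_policy DIR: write DIR/myd.te (rules) and DIR/myd.fc (file contexts).
write_policy() {
    dir=$1
    mkdir -p "$dir"
    cat > "$dir/$MOD.te" <<EOF
policy_module($MOD, 1.0.0)

# The domain the daemon runs in, and the type of its executable.
# init_daemon_domain makes the transition to ${MOD}_t happen automatically
# when init (systemd) executes a file labelled ${MOD}_exec_t.
type ${MOD}_t;
type ${MOD}_exec_t;
init_daemon_domain(${MOD}_t, ${MOD}_exec_t)

# A dedicated port type; the port numbers are attached to it with
# "semanage port" at install time rather than hard-coded in the module.
type ${MOD}_port_t;
corenet_port(${MOD}_port_t)

# Create a TCP socket, bind it to the daemon's own ports and accept clients.
allow ${MOD}_t self:tcp_socket create_stream_socket_perms;
allow ${MOD}_t ${MOD}_port_t:tcp_socket name_bind;
corenet_tcp_bind_generic_node(${MOD}_t)

# Let it log through syslog. Anything not listed here is denied in enforcing
# mode; further rules are added from AVC denials as testing reveals them.
logging_send_syslog_msg(${MOD}_t)

# During initial testing, log denials for this one domain without enforcing
# them (the counterpart of AppArmor's complain mode). Remove before go-live.
# permissive ${MOD}_t;
EOF
    cat > "$dir/$MOD.fc" <<EOF
$BIN    --    gen_context(system_u:object_r:${MOD}_exec_t,s0)
EOF
}

# build_and_install DIR: compile the module, load it, register the ports and
# relabel the binary. Needs selinux-policy-devel and policycoreutils-python.
build_and_install() {
    dir=$1
    if [ ! -f /usr/share/selinux/devel/Makefile ]; then
        echo "selinux-policy-devel is not installed; skipping build" >&2
        return 2
    fi
    ( cd "$dir" && make -f /usr/share/selinux/devel/Makefile "$MOD.pp" ) || return 1
    semodule -i "$dir/$MOD.pp" || return 1
    for p in $TCP_PORTS; do
        semanage port -a -t "${MOD}_port_t" -p tcp "$p" || return 1
    done
    restorecon -v "$BIN"
}

# Only touch the system when explicitly asked to, so the file can be sourced
# for write_policy alone (e.g. to inspect the generated policy first).
if [ "${1:-}" = install ]; then
    write_policy ./"$MOD"-policy && build_and_install ./"$MOD"-policy
fi
```

Run it as root with `sh confine-myd.sh install`, restart the service, and `ps -eZ | grep myd` should then show the process in `myd_t`. Denials that remain show up with `ausearch -m AVC -ts recent` and can be turned into an additional module with `audit2allow -a -M myd_local`, reviewing each rule before loading it rather than allowing everything the tool proposes. On RHEL 7, `sepolicy generate --init /usr/local/bin/myd` produces a comparable starting point (`.te`, `.fc`, `.if` and a build script) that can be refined in the same way.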

Responses