How to create a custom SELinux file label with write access restricted to specific process types?
1 vote, 0 answers, 26 views
I want to restrict write access to certain files so that only specific process types (domains) can modify them. For this, I need to create a custom file label and assign it to those files.
Following [this answer](https://unix.stackexchange.com/a/329677/620385), I used:

```
type ;
files_type();
```

But `files_type()` seems to implicitly allow access to all process types.

If I skip `files_type()` and just declare:

```
type ;
```

then `semanage fcontext -a -t "/some/path"` fails with:

```
ValueError: Type is invalid, must be a file or device type
```
Question:
What is the correct way to declare a file label that:
- Can be assigned to paths via semanage fcontext.
- Doesn’t allow access to any process types except those explicitly granted via allow rules?
Asked by muhammed noufal k
(11 rep)
Jul 10, 2025, 08:27 AM
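One way to meet both requirements, shown here as an added example module that is not part of the question above. The names `myapp_data_t` (the new file label), `myapp_t` (the only domain allowed to write) and `myapp_reader_t` (a read-only domain) are hypothetical, and the two domains are assumed to exist already. The module assumes a refpolicy-based build (Fedora/RHEL `selinux-policy-devel`), where `files_type()` attaches `non_security_file_type` on top of `file_type`, and where `semanage fcontext` only checks for the `file_type` (or `device_node`) attribute:

```selinux
# myapp_data.te  (added example, not from the question)
# Hypothetical names: myapp_data_t is the new file label; myapp_t and
# myapp_reader_t are assumed to be existing domains.
policy_module(myapp_data, 1.0.0)

########################################
#
# Declarations
#

gen_require(`
	attribute file_type;
	type myapp_t;
	type myapp_reader_t;
')

# The custom label for the protected files.
type myapp_data_t;

# Attach ONLY file_type. That is the attribute semanage fcontext looks
# for, so the "must be a file or device type" error goes away, and it is
# also the attribute carrying the filesystem-association rules a file
# label needs. files_type() would additionally attach
# non_security_file_type, which generic interfaces such as
# files_read_non_security_files()/files_manage_non_security_files() hand
# to many domains; that is the implicit access seen in the question.
typeattribute myapp_data_t file_type;

########################################
#
# Policy: every access is explicit
#

# myapp_t is the only domain that may create, modify, rename or delete
# files and directories carrying the label.
allow myapp_t myapp_data_t:dir manage_dir_perms;
allow myapp_t myapp_data_t:file manage_file_perms;

# myapp_reader_t may only list and read.
allow myapp_reader_t myapp_data_t:dir list_dir_perms;
allow myapp_reader_t myapp_data_t:file read_file_perms;

# No other rule names myapp_data_t, so any other confined domain that
# tries to write receives an AVC denial. Caveat: rules granted on the
# file_type attribute itself still apply, e.g. unconfined domains and
# callers of files_manage_all_files() (backup and relabel tools).
```

Pair the module with a `myapp_data.fc` line such as `/srv/myapp/data(/.*)?	gen_context(system_u:object_r:myapp_data_t,s0)` (path constructed for the example), build with `make -f /usr/share/selinux/devel/Makefile myapp_data.pp`, and install with `semodule -i myapp_data.pp`. After that, `semanage fcontext -a -t myapp_data_t "/srv/myapp/data(/.*)?"` is accepted, and `restorecon -RF /srv/myapp/data` applies the label. To confirm that only the intended domains can write, run `sesearch -A -t myapp_data_t -c file -p write`: it lists every domain with write access, including those reached through the `file_type` attribute, so the result is the real set of writers rather than just the rules typed into the module.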