SELinux access only to opened files

1

I am studying SELinux.

Using SELinux, can a binary be allowed to access files opened by its parent process, and no other files?

If it cannot, then we should enhance it.

porton

Posted 2013-12-19T00:11:43.150

Reputation: 271

Answers

2

Yes, this can be done.

SELinux is a labeling system, and access to perform different operations on files (but also users, processes, ...) is granted based on the security context of the originating process.

The reference policy defines the security context of a process:

# ps -defZ | grep httpd
system_u:system_r:httpd_t:s0    root      1085     1  0 21:22 ?        00:00:00 /usr/sbin/httpd -DFOREGROUND

In this example, the security context has the following elements:

  • system_u: the SELinux user
  • system_r: the SELinux role
  • httpd_t: the SELinux type enforcement attribute.
  • s0: the MLS/MCS range, relevant in policies other than the default targeted one.

And also defines what security contexts a process can have access to:

# ll -dZ /srv/www/html/
drwxr-s---. root apache system_u:object_r:httpd_sys_content_t:s0 /srv/www/html/

# sesearch -s httpd_t -t httpd_sys_content_t -c file -p read -Ad
Found 1 semantic av rules:
   allow httpd_t httpd_sys_content_t : file { ioctl read getattr lock open } ;

In the example above, given the security context of the directory /srv/www/html, you can find using sesearch(1) if it is defined in the policy that a process labeled httpd_t can have read access to a directory labeled httpd_sys_content_t.

Check the manpage of sesearch for more options.

So, for a forked process to be restricted to accessing files opened by its parent, you should ensure that there's policy in place that permits that operation.

dawud

Posted 2013-12-19T00:11:43.150

Reputation: 1 305
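The answer above shows the two things a policy check rests on: the `user:role:type[:range]` security context printed by `ps -Z` / `ls -Z`, and the `allow SRC TGT : CLASS { perms } ;` rules printed by sesearch(1). The following is an added example, not code from the answer or from the SELinux project, that parses both formats offline and answers the question the answer poses (does `httpd_t` have `read` on `file` objects labeled `httpd_sys_content_t`?). The `ps`, `ls` and `sesearch` sample lines are constructed, modelled on the output quoted in the answer; no real tool is invoked. It also accepts the single-permission form sesearch prints when a rule grants only one permission, and it only matches rules written against concrete types, not rules written against type attributes.

```python
"""Parse SELinux security contexts and sesearch(1) allow rules.

All sample inputs are constructed, modelled on the ps/ls/sesearch output
quoted in the answer. Nothing here calls the real tools.
"""
import re
from dataclasses import dataclass
from typing import Iterable, Iterator, Optional

# user:role:type[:range]. Identifiers must start with a letter or underscore,
# so a timestamp such as 00:00:00 in ps output is not mistaken for a label.
_CONTEXT_RE = re.compile(
    r"^(?P<user>[A-Za-z_][\w.-]*):(?P<role>[A-Za-z_][\w.-]*)"
    r":(?P<type>[A-Za-z_][\w.-]*)(?::(?P<range>\S+))?$"
)

# sesearch prints "allow SRC TGT : CLASS { p1 p2 ... } ;" or, when a rule
# grants a single permission, "allow SRC TGT : CLASS p1 ;".
_ALLOW_RE = re.compile(
    r"^\s*allow\s+(?P<src>\S+)\s+(?P<tgt>\S+)\s*:\s*(?P<cls>\S+)\s+"
    r"(?:\{\s*(?P<perms>[^}]*)\}|(?P<perm>\w+))\s*;"
)


@dataclass(frozen=True)
class SecurityContext:
    user: str            # SELinux user, e.g. system_u
    role: str            # SELinux role, e.g. system_r
    type: str            # type enforcement attribute, e.g. httpd_t
    range: Optional[str] # MLS/MCS range, e.g. s0; absent on some systems


@dataclass(frozen=True)
class AllowRule:
    source: str
    target: str
    cls: str
    perms: frozenset


def parse_context(label: str) -> SecurityContext:
    m = _CONTEXT_RE.match(label)
    if not m:
        raise ValueError(f"not a security context: {label!r}")
    return SecurityContext(m["user"], m["role"], m["type"], m["range"])


def find_context(line: str) -> SecurityContext:
    """Pick the security-context field out of a ps -Z or ls -Z line."""
    for token in line.split():
        if _CONTEXT_RE.match(token):
            return parse_context(token)
    raise ValueError(f"no security context in: {line!r}")


def parse_allow_rules(output: str) -> Iterator[AllowRule]:
    """Yield one AllowRule per 'allow' line in sesearch output."""
    for line in output.splitlines():
        m = _ALLOW_RE.match(line)
        if m:
            perms = m["perms"].split() if m["perms"] is not None else [m["perm"]]
            yield AllowRule(m["src"], m["tgt"], m["cls"], frozenset(perms))


def is_allowed(rules: Iterable[AllowRule], src_type: str, tgt_type: str,
               cls: str, perm: str) -> bool:
    """True if some rule grants perm on (tgt_type, cls) to src_type.

    Only concrete types are compared; rules expressed on type attributes
    would need the attribute membership, which sesearch -d does not print.
    """
    return any(r.source == src_type and r.target == tgt_type
               and r.cls == cls and perm in r.perms for r in rules)


# Constructed sample lines, modelled on the answer's output.
PS_LINE = ("system_u:system_r:httpd_t:s0    root      1085     1  0 21:22 ?"
           "        00:00:00 /usr/sbin/httpd -DFOREGROUND")
LS_LINE = "drwxr-s---. root apache system_u:object_r:httpd_sys_content_t:s0 /srv/www/html/"
SESEARCH_OUTPUT = """Found 1 semantic av rules:
   allow httpd_t httpd_sys_content_t : file { ioctl read getattr lock open } ;
"""


def check_example() -> dict:
    """Does the process label from ps get read/write on the object from ls?"""
    proc = find_context(PS_LINE)
    obj = find_context(LS_LINE)
    rules = list(parse_allow_rules(SESEARCH_OUTPUT))
    return {
        "process_type": proc.type,
        "object_type": obj.type,
        "read": is_allowed(rules, proc.type, obj.type, "file", "read"),
        "write": is_allowed(rules, proc.type, obj.type, "file", "write"),
    }


if __name__ == "__main__":
    for key, value in check_example().items():
        print(f"{key}: {value}")
```

Run stand-alone it reports `read: True` and `write: False` for the constructed rule: the policy grants `httpd_t` read-class permissions on `httpd_sys_content_t` but nothing that would let it modify the content, which is the property the answer recommends verifying with sesearch before relying on it.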