Take the two constraints listed together on page 96 and write them as a single constraint statement.
2.
A common neverallow invariant rule is this:
neverallow domain ~domain : process transition ;
Write a constraint that is as close as possible to the equivalent meaning of this invariant.
3.
Recall the example validatetrans statement from page 93:
validatetrans {file lnk_file} ( ( t3 == relabel_any) or ( t2 != shadow_t or t1 != user_tmp_t ) );
Let's suppose that you want to add a number of other types to the list of those you do not want to be relabeled from user_tmp_t. How would you change this constraint to achieve this goal?