Deny access to 'nvram' in the WebKit sandboxes. No API surface interacts with this low-level feature, and other system sandboxes already deny it. It should not have been possible to reach nvram, but there's no reason to allow the sandbox to access it. <rdar://problem/66583129>
Created attachment 427709 [details] Patch
Confirmed proper function on iOS device and macOS. Waiting for EWS to show any other impact on downlevel platforms.
Comment on attachment 427709 [details] Patch R=me.
Committed r277032 (237345@main): <https://commits.webkit.org/237345@main> All reviewed patches have been landed. Closing bug and clearing flags on attachment 427709 [details].
<rdar://problem/77567746>