Deny access to 'nvram' in the WebKit sandboxes. No API surface interacts with this low-level feature, and other system sandboxes already deny it. It should not have been possible to reach nvram, but there's no reason to allow the sandbox to access it.
Created attachment 427709 [details]
Confirmed proper function on iOS device and macOS. Waiting for EWS to show any other impact on downlevel platforms.
Comment on attachment 427709 [details]
Committed r277032 (237345@main): <https://commits.webkit.org/237345@main>
All reviewed patches have been landed. Closing bug and clearing flags on attachment 427709 [details].