Revert "Merge pull request #43946 from jhorwit2/jah/host-path-psp"

This reverts commit b5eadb5d6b, reversing
changes made to 1889d654f5.

pkg/security/podsecuritypolicy/util/util.go

@@ -18,7 +18,6 @@ package util
 
 import (
 	"fmt"
-	"strings"
 
 	"k8s.io/apimachinery/pkg/types"
 	"k8s.io/apimachinery/pkg/util/sets"
@@ -172,52 +171,3 @@ func UserFallsInRange(id types.UnixUserID, rng extensions.UserIDRange) bool {
 func GroupFallsInRange(id types.UnixGroupID, rng extensions.GroupIDRange) bool {
 	return id >= rng.Min && id <= rng.Max
 }
-
-// PSPAllowsHostVolumePath is a utility for checking if a PSP allows the host volume path.
-// This only checks the path. You should still check to make sure the host volume fs type is allowed.
-func PSPAllowsHostVolumePath(psp *extensions.PodSecurityPolicy, hostPath string) bool {
-	if psp == nil {
-		return false
-	}
-
-	// If no allowed paths are specified then allow any path
-	if len(psp.Spec.AllowedHostPaths) == 0 {
-		return true
-	}
-
-	for _, allowedPath := range psp.Spec.AllowedHostPaths {
-		if hasPathPrefix(hostPath, allowedPath) {
-			return true
-		}
-	}
-
-	return false
-}
-
-// hasPathPrefix returns true if the string matches pathPrefix exactly, or if is prefixed with pathPrefix at a path segment boundary
-// the string and pathPrefix are both normalized to remove trailing slashes prior to checking.
-func hasPathPrefix(s, pathPrefix string) bool {
-
-	s = strings.TrimSuffix(s, "/")
-	pathPrefix = strings.TrimSuffix(pathPrefix, "/")
-
-	// Short circuit if s doesn't contain the prefix at all
-	if !strings.HasPrefix(s, pathPrefix) {
-		return false
-	}
-
-	pathPrefixLength := len(pathPrefix)
-
-	if len(s) == pathPrefixLength {
-		// Exact match
-		return true
-	}
-
-	if s[pathPrefixLength:pathPrefixLength+1] == "/" {
-		// The next character in s is a path segment boundary
-		// Check this instead of normalizing pathPrefix to avoid allocating on every call
-		return true
-	}
-
-	return false
-}