Yes, if you like to phrase it that way, the standard unix permissions are "whitelist".
The usual way to deal with permissions is to create a new group that abstracts over all files that should behave similarly, give those files the corresponding group id, and make all users that should get those permissions part of the group. That's why users can be members of many groups.
Permissions to use devices are handled in the same way; that's why you have groups like input, disk etc. in many distributions.
So in that sense, you could think of a group as a particular "rule" of your "permission ruleset". The restriction is that each file only can have a single rule with a single rwx combination of permissions, beyond the "user" and "other" permissions.
So your scenario where one group of users needs to have one set of permissions and another group needs to have a different set of permissions for the same file or directory can't be implemented with standard unix permissions.
However, there's an extension to the standard unix permissions called access control lists (ACL). See man acl for details. For many file systems, you must specify an option to activate ACLs when mounting them.
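The scenario from the answer above (two groups needing different permissions on the same file) written as an ACL and evaluated in the order acl(5) describes. This is an added example, not part of the original answer; the getfacl-style text is constructed and every user and group name in it is hypothetical.

```python
# Constructed getfacl-style output; all user and group names are hypothetical.
# An ACL like this could be set with: setfacl -m g:editors:rw-,g:auditors:r-- FILE
SAMPLE = """\
# file: shared/report.txt
# owner: alice
# group: staff
user::rw-
group::---
group:editors:rw-
group:auditors:r--
mask::rw-
other::---
"""

def parse(text):
    """Parse getfacl text into owner, owning group and (tag, qualifier, perms) entries."""
    acl = {"owner": None, "group": None, "entries": []}
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# owner:"):
            acl["owner"] = line.split(":", 1)[1].strip()
        elif line.startswith("# group:"):
            acl["group"] = line.split(":", 1)[1].strip()
        elif line and not line.startswith("#"):
            # Drop a trailing "#effective:..." comment before splitting.
            tag, qualifier, perms = line.split("#")[0].strip().split(":")[:3]
            acl["entries"].append((tag, qualifier, set(perms[:3]) - {"-"}))
    return acl

def allowed(acl, user, groups, want):
    """Access check in the order given by acl(5): owner, named user, group class, other."""
    want = set(want)
    def find(tag, qualifier=""):
        return [p for t, q, p in acl["entries"] if t == tag and q == qualifier]
    mask = (find("mask") or [set("rwx")])[0]   # no mask entry: nothing is filtered
    if user == acl["owner"]:
        return want <= find("user")[0]          # owner entry is never masked
    if find("user", user):
        return want <= (find("user", user)[0] & mask)
    # Group class: owning group ("group::") plus every named group the user is in.
    hits = [p for t, q, p in acl["entries"]
            if t == "group" and (q or acl["group"]) in groups]
    if hits:
        # One matching entry must grant everything requested; entries are not merged.
        return any(want <= (p & mask) for p in hits)
    return want <= find("other")[0]
```

A user who matches any group entry is decided within the group class and never falls through to "other", and the mask caps every named-user and group entry, which is worth checking when auditing who can actually write to a file.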